Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Ecosystems: cargo
Packages: starship
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 7 hours ago
High
GSA_kwCzR0hTQS03NzI2LTQzaGctbTIzds4AA-Hy
OpenAM FreeMarker template injection
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-oauth2
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 1 day ago
High
GSA_kwCzR0hTQS12cHJwLTk0cDktNWpwOM4AA-HD
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS04Z2o5LXI0aHYtM2pqd84AA-Gi
Apache Pinot: Unauthorized endpoint exposed sensitive information
Ecosystems: maven
Packages: org.apache.pinot:pinot-controller
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 3 days ago
High
GSA_kwCzR0hTQS1mbTg4LWhjM3YtM3d3d84AA-GG
Sentry vulnerable to stored Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 3 days ago
High
GSA_kwCzR0hTQS04aDU1LXE1cXEtcDY4Nc4AA-F1
(ReDoS) Regular Expression Denial of Service in tf2-item-format
Ecosystems: npm
Packages: tf2-item-format
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 4 days ago
High
GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1qbXZwLTY5OGMtNHgzd84AA-FK
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 4 days ago
High
GSA_kwCzR0hTQS1jZnh3LTRoNzgtaDdmd84AA-E1
DNSJava DNSSEC Bypass
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 days ago
High
GSA_kwCzR0hTQS13MzZ3LTk0OGoteGhmd84AA-DC
H2O vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 6 days ago
High
GSA_kwCzR0hTQS00N21jLXFtaDItbXFqNM4AA-A4
Automad arbitrary file upload vulnerability
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS0zd2YyLTJwcTQtNHJ2Y84AA-Ay
Woodpecker's custom environment variables allow to alter execution flow of plugins
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS01bTNqLXB4aDctNDU1cM4AA-Ab
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-service-description
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 8 days ago
High
GSA_kwCzR0hTQS1xOGYyLWh4cTUtY3A0aM4AA-AD
Absent Input Validation in BinaryHttpParser
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-bhttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1oaHBnLXY2M3Atd3A3d84AA-AC
TorchServe gRPC Port Exposure
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1oYzV3LWd4eHItdzh4OM4AA9_5
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Ecosystems: go
Packages: github.com/bishopfox/sliver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS14cmg3LTJnZnEtNHJjcc4AA9_L
openCart Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 9 days ago
High
GSA_kwCzR0hTQS1jM3E5LWMyN3AtY3c5aM4AA9_J
projectdiscovery/nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
High
GSA_kwCzR0hTQS0ycndtLXh2NWotNzc3cM4AA9-i
Eclipse Parsson stack overflow when parsing deeply nested input
Ecosystems: maven
Packages: org.eclipse.parsson:parsson
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 10 days ago
High
GSA_kwCzR0hTQS01NXJmLThxMjktNGc0M84AA9-g
Sylius has a security vulnerability via adjustments API endpoint
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 10 days ago
High
GSA_kwCzR0hTQS02NTIzLWpmNHItYzk2Ms4AA9-c
Apache StreamPipes has potential remote code execution (RCE) via file upload
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
GSA_kwCzR0hTQS1nNWh2LXI3NDMtdjhwbc4AA9-F
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 10 days ago
High
GSA_kwCzR0hTQS1nNG00LTlxNGMtbWZ3Ns4AA98D
Fiona affected by CVE-2020-14152 related to madler-zlib
Ecosystems: pypi
Packages: fiona
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 10 days ago
High
GSA_kwCzR0hTQS1oM3BxLTY2N3gtcjc4Oc4AA95v
Plate media plugins has a XSS in media embed element when using custom URL parsers
Ecosystems: npm
Packages: @udecode/plate-media
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 11 days ago
High
GSA_kwCzR0hTQS03cXBjLTR4eDkteDVxd84AA94-
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1qanZjLXY4Z3ctNTI1Nc4AA949
Apache Linkis DataSource remote code execution vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1jZ2NnLXA2OHEtM3c3ds4AA94z
langchain-experimental vulnerable to Arbitrary Code Execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 12 days ago
High
GSA_kwCzR0hTQS1jeDYzLTJtdzYtOGh3Nc4AA94q
setuptools vulnerable to Command Injection via package URL
Ecosystems: pypi
Packages: setuptools
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: 12 days ago
High
GSA_kwCzR0hTQS01Z3JyLTcyZjktNjc4ds4AA93Y
Malware package cipherbcrypt
Ecosystems: pypi
Packages: cipherbcrypt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS05Nzk0LXBjNHItNDM4d84AA93X
Local File Inclusion in Solara
Ecosystems: pypi
Packages: solara
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 14 days ago
High
GSA_kwCzR0hTQS1oaHdjLWdoOGgtOXJycM4AA90p
Apache Wicket: Remote code execution via XSLT injection
Ecosystems: maven
Packages: org.apache.wicket:wicket-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS0ycW13LXB2ZjctNG13Ns4AA90R
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 15 days ago
High
GSA_kwCzR0hTQS1nbWM2LWZ3ZzMtNzVtNc4AA9zq
Mimekit has vulnerable dependency that can lead to denial of service
Ecosystems: nuget
Packages: MimeKit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1mcTU0LTJqNTItamM0Ms4AA9w6
Next.js Denial of Service (DoS) condition
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 17 days ago
High
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 17 days ago
High
GSA_kwCzR0hTQS1xNmhnLTZtOXgtNWc5Y84AA9wr
Evmos vulnerable to exploit of smart contract account and vesting
Ecosystems: go
Packages: github.com/evmos/evmos/v18
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1nNTMzLXhxNXctam1mM84AA9wP
node-stringbuilder vulnerable to Out-of-bounds Read
Ecosystems: npm
Packages: node-stringbuilder
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 17 days ago
High
GSA_kwCzR0hTQS1xZzJwLTlqd3ItbW1xZs4AA9wQ
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS12anB2LXg4cDktN3A4Nc4AA9wM
images vulnerable to Denial of Service
Ecosystems: npm
Packages: images
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 17 days ago
High
GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: npm
Packages: node-twain
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS05am1mLTIzN2ctcWY0Ns4AA9wT
Django Path Traversal vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS13NWZjLWdqM2gtMjZyeM4AA9wS
speaker vulnerable to Denial of Service
Ecosystems: npm
Packages: speaker
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 17 days ago
High
GSA_kwCzR0hTQS1mNmY4LTlteDYtOW14Ms4AA9wW
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Ecosystems: npm
Packages: @discordjs/opus
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 17 days ago
High
GSA_kwCzR0hTQS03dmhtLWZtcGgtN3d4d84AA9wN
audify vulnerable to Improper Validation of Array Index
Ecosystems: npm
Packages: audify
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 17 days ago
High
GSA_kwCzR0hTQS1wajM2LWZjcmctMzI3as4AA9vz
BookStack Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS00NDdyLXdwaDMtOTJwbc4AA9up
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Formats.Asn1, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1ocTd3LXh2NXgtZzM0as4AA9uo
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.IO.Redist
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1jaGZjLTl3Nm0tNzVyZs4AA9un
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1oaDJ3LXA2cnYtNGc3d84AA9um
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 17 days ago
High
GSA_kwCzR0hTQS05anhjLXFqcjktdmp4cc4AA9rr
electron-updater Code Signing Bypass on Windows
Ecosystems: npm
Packages: electron-updater
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 17 days ago
High
GSA_kwCzR0hTQS1qNHI3LXA5ZnAtdzNmM84AA9rZ
Spring Cloud Function Framework vulnerable to Denial of Service
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 18 days ago
High
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 18 days ago
High
GSA_kwCzR0hTQS14cHA2LThyM2otd3c0M84AA9oi
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 18 days ago
High
GSA_kwCzR0hTQS1qZ2Y0LXZ3YzMtcjQ2ds4AA9oh
Directus Allows Single Sign-On User Enumeration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 18 days ago
High
GSA_kwCzR0hTQS00cTJwLWh3bXItcWN4Y84AA9nF
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1td3htLTM1ZjgtNnZnMs4AA9nD
Vanna vulnerable to SQL Injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1neHJ2LXdmMzUtNjJ3Oc4AA9m8
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 21 days ago
High
GSA_kwCzR0hTQS1wOWNnLXZxY2MtZ3JjeM4AA9m5
Server Side Request Forgery (SSRF) attack in Fedify
Ecosystems: npm
Packages: @fedify/fedify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS04bW02LXdtcHAtbW1tM84AA9ly
Gogs allows argument injection during the tagging of a new release
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 22 days ago
High
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 23 days ago
High
GSA_kwCzR0hTQS12YzdqLTk5anctanJxbc4AA9d1
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 24 days ago
High
GSA_kwCzR0hTQS03OXc3LXZoM2gtOGc0as4AA9dz
yt-dlp File system modification and RCE through improper file-extension sanitization
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 25 days ago
High
GSA_kwCzR0hTQS0zNjY5LTcyeDktcjlwM84AA9ct
Potential memory exhaustion attack due to sparse slice deserialization
Ecosystems: go
Packages: github.com/gorilla/schema
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 25 days ago
High
GSA_kwCzR0hTQS1qaHF4LTV2NWctbXBmM84AA9cq
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Ecosystems: maven
Packages: org.geoserver:gs-gwc, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
GSA_kwCzR0hTQS0zcTU2LTljYzItNDZqNM4AA9bz
robinweser fast-loops vulnerable to prototype pollution
Ecosystems: npm
Packages: fast-loops
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 26 days ago
High
GSA_kwCzR0hTQS14M20zLTR3cHYtNXZnY84AA9bx
jrburke requirejs vulnerable to prototype pollution
Ecosystems: npm
Packages: requirejs
Source: GitHub Advisory Database
Blast Radius: 51.6
Published: 26 days ago
High
GSA_kwCzR0hTQS13NTh2LXIzY3AtcXI5M84AA9bt
@amoy/common v was discovered to contain a prototype pollution via the function extend
Ecosystems: npm
Packages: @amoy/common
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 26 days ago
High
GSA_kwCzR0hTQS1naDR4LXF2M3AtbTlwbc4AA9bq
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
Ecosystems: npm
Packages: @akbr/patch-into
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1nYzdtLTU5NmgteDU3cs4AA9br
frappejs was discovered to contain a prototype pollution via the function registerView
Ecosystems: npm
Packages: @airvertco/frappejs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS0yeHB4LXZjbXEtNWY3Ms4AA9aa
Unlimited number of NTS-KE connections can crash ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 29 days ago
High
GSA_kwCzR0hTQS1jZ3Z4LTk0NDctdmNjaM4AA9aK
ntlk unsafe deserialization vulnerability
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 29 days ago
High
GSA_kwCzR0hTQS1tNDVjLXY0NmgtYzc4OM4AA9Z4
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 29 days ago
High
GSA_kwCzR0hTQS13OXFmLTgzamctMng2Y84AA9Zx
lollms vulnerable to dot-dot-slash path traversal in XTTS server
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 29 days ago
High
GSA_kwCzR0hTQS05Y2htLW02eDItNmZ2Y84AA9Zw
lollms vulnerable to path traversal due to unauthenticated root folder settings change
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 29 days ago
High
GSA_kwCzR0hTQS01OG0zLXJjdnAtZjl3d84AA9ZT
h2o vulnerable to unexpected POST request shutting down server
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 29 days ago
High
GSA_kwCzR0hTQS0ycXczLTJ3djYtcDY0eM4AA9Yp
Path traversal in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 30 days ago
High
GSA_kwCzR0hTQS01dmdqLWdnbTQtZmc2Ms4AA9W1
pdoc embeds link to malicious CDN if math mode is enabled
Ecosystems: pypi
Packages: pdoc
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS14ZmhwLWpmOHAtbWg1d84AA9WW
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wcG01LWp2ODQtMnhnMs4AA9WS
Aimeos HTML client may potentially reveal sensitive information in error log
Ecosystems: packagist
Packages: aimeos/ai-client-html
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS02ODN4LTQ0NDQtanhoOM4AA9UM
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Ecosystems: maven
Packages: org.cyclonedx:cyclonedx-core-java
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tN3I4LTJyOTgtdnBwas4AA9Sw
Zip slip in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS03Y3JqLTI0ZzMtZzdoN84AA9S2
SQL injection in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oOTV4LTI2ZjMtODhocs4AA9P0
js2py allows remote code execution
Ecosystems: pypi
Packages: js2py
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NDQyLWdtNHYtcjIyMs4AA9Ps
Undertow's url-encoded request path information can be broken on ajp-listener
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jcGN4LXIyZ3EteDg5M84AA9Nu
LocalAI path traversal vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wN3I4LTd3ODctOGc0Ns4AA9J9
Dolibarr arbitrary file upload vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wMmNqLTg2djQtNzc4Ms4AA9KA
Moodle HTTP authorization header is preserved between "emulated redirects"
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS05Z2hoLW1tY3EtOHBoY84AA9I4
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xMnh4LWY4cjMtOW1nNc4AA9It
STRIMZI incorrect access control
Ecosystems: maven
Packages: io.strimzi:strimzi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zajRoLWgzZnAtdnd3d84AA9Il
LNbits improperly handles potential network and payment failures when using Eclair backend
Ecosystems: pypi
Packages: lnbits
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zaDV2LXE5M2MtNmg2cc4AA9Ij
ws affected by a DoS when handling a request with many HTTP headers
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xajg2LXY2bTctNHF2Ms4AA9Ii
Object Resolver Prototype Pollution
Ecosystems: npm
Packages: @apphp/object-resolver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS13bXZtLTl2cXYtNXFwcM4AA9HZ
langchain_experimental Code Execution via Python REPL access
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS01NDRyLWZjNjUtdjgzMs4AA9GM
Snipe-IT allows users to promote or demote themselves or other users
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03anA5LXZnbXEtYzhyNc4AA9DO
AdGuardHome privilege escalation vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04NXJnLThtNmgtODI1cM4AA9DN
Vulnerabilities with the k8sGPT
Ecosystems: go
Packages: github.com/k8sgpt-ai/k8sgpt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 2,553
Ecosystems: 12
Filter by Severity
Moderate 8,559 High 6,707 Critical 2,930 Low 1,073
Filter by Ecosystem
maven 1,909 npm 1,444 pypi 1,258 packagist 1,177 nuget 817 go 728 cargo 338 rubygems 286 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 moodle/moodle 48 org.jenkins-ci.main:jenkins-core 48 com.fasterxml.jackson.core:jackson-databind 43 typo3/cms 37 dolibarr/dolibarr 33 org.apache.tomcat:tomcat 32 drupal/core 30 mlflow 29 typo3/cms-core 28 pimcore/pimcore 28 microweber/microweber 27 drupal/drupal 26 nokogiri 25 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 salt 21 symfony/symfony 21 ansible 20 github.com/rancher/rancher 20 thorsten/phpmyfaq 19 django 19 org.jenkins-ci.plugins:script-security 19 librenms/librenms 18 org.apache.tomcat.embed:tomcat-embed-core 17 openssl-src 17 Plone 17 pocketmine/pocketmine-mp 17 apache-airflow 17 getgrav/grav 16 rdiffweb 15 Microsoft.AspNetCore.App.Runtime.win-x64 15 parse-server 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 15 Microsoft.AspNetCore.App.Runtime.win-arm 14 github.com/hashicorp/consul 14 vyper 14 net.mingsoft:ms-mcms 14 centreon/centreon 14 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.win-arm64 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.osx-x64 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 13 Microsoft.AspNetCore.App.Runtime.linux-x64 13 io.undertow:undertow-core 13 silverstripe/framework 13 Django 13 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 13 Microsoft.AspNetCore.App.Runtime.linux-arm 13 Microsoft.AspNetCore.App.Runtime.linux-arm64 13 org.apache.openmeetings:openmeetings-parent 12 github.com/hashicorp/vault 12 activerecord 12 electron 12 baserproject/basercms 12 github.com/argoproj/argo-cd 12 org.keycloak:keycloak-core 12 org.keycloak:keycloak-parent 11 intelliants/subrion 11 mautic/core 11 actionpack 11 Microsoft.NetCore.App.Runtime.win-arm64 10 keystone 10 Microsoft.NetCore.App.Runtime.win-arm 10 org.apache.solr:solr-core 10 org.keycloak:keycloak-services 10 Microsoft.NetCore.App.Runtime.win-x86 10 Microsoft.NetCore.App.Runtime.win-x64 10 org.apache.nifi:nifi 10 shopware/platform 10 org.springframework.security:spring-security-core 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 cobbler 10 github.com/nats-io/nats-server/v2 10 github.com/hashicorp/nomad 10 gradio 10 froxlor/froxlor 10 matrix-synapse 10 openmage/magento-lts 10 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 9 zendframework/zendframework1 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 mercurial 9 craftcms/cms 9 rusqlite 9 ckb 9 laravel/framework 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.apache.struts.xwork:xwork-core 9 github.com/ethereum/go-ethereum 9 org.apache.geode:geode-core 9 shopware/core 8 composer/composer 8 github.com/sylabs/singularity 8 Microsoft.NETCore.App.Runtime.win-x64 8 smarty/smarty 8 snipe/snipe-it 8 next 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x86 8 october/system 8 github.com/docker/docker 8 deno 8 org.bouncycastle:bcprov-jdk15 8 org.jenkins-ci.plugins.workflow:workflow-cps 7 zendframework/zendframework 7 Microsoft.AspNetCore.App.Runtime.osx-arm64 7 org.craftercms:crafter-studio 7 com.liferay.portal:release.portal.bom 7 github.com/traefik/traefik/v2 7 phpmailer/phpmailer 7 DotNetNuke.Core 7 apache-superset 7 codeigniter4/framework 7 pillow 7 tar 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 org.apache.tomcat:tomcat-coyote 7 com.xuxueli:xxl-job 7 org.springframework:spring-core 7 magento/core 7 org.apache.commons:commons-compress 7 org.eclipse.jetty:jetty-server 7 strapi 7 org.elasticsearch:elasticsearch 7 gogs.io/gogs 7 directus 7 symfony/security 7 cn.hutool:hutool-core 7 cakephp/cakephp 7 org.apache.inlong:manager-pojo 7 prestashop/prestashop 6 github.com/gravitl/netmaker 6 symfony/security-http 6 opencart/opencart 6 guzzlehttp/guzzle 6 @strapi/strapi 6 org.apache.camel:camel-core 6 waitress 6 handlebars 6 ryu 6 Microsoft.AspNetCore.All 6 contao/core-bundle 6 github.com/argoproj/argo-cd/v2 6 github.com/hyperledger/fabric 6 github.com/cilium/cilium 6 de.tum.in.ase:artemis-java-test-sandbox 6 ezsystems/ezpublish-kernel 6 sized-chunks 6 kiwitcms 6 nautobot 6 sequelize 6 org.apache.cxf:cxf 6 golang.org/x/crypto 6 cryptography 6 OPCFoundation.NetStandard.Opc.Ua.Core 6 rack 6 opencv-python-headless 6 Microsoft.NETCore.App 6 opencv-contrib-python-headless 6 express-cart 6 npm 6 istio.io/istio 6 contao/contao 6 k8s.io/kubernetes 6 github.com/grafana/grafana 6 org.apache.tika:tika-core 6 @openzeppelin/contracts 6 github.com/zitadel/zitadel 6 wwbn/avideo 6 code.gitea.io/gitea 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 org.apache.dolphinscheduler:dolphinscheduler 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 pear/archive_tar 5 github.com/cri-o/cri-o 5 CefSharp.Common 5 org.apache.mesos:mesos 5 ezsystems/ezpublish-legacy 5 mediawiki/core 5 @openzeppelin/contracts-upgradeable 5 com.vaadin:vaadin-bom 5 matrix-js-sdk 5 forkcms/forkcms 5 plone 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 35 https://github.com/django/django 29 https://github.com/apache/airflow 26 https://github.com/pimcore/pimcore 26 https://github.com/python-pillow/Pillow 26 https://github.com/moodle/moodle 25 https://github.com/microweber/microweber 25 https://github.com/keycloak/keycloak 24 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/symfony/symfony 21 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/dotnet/runtime 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/rancher/rancher 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/spring-projects/spring-framework 16 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/apache/inlong 14 https://github.com/mlflow/mlflow 14 https://github.com/TYPO3/typo3 14 https://github.com/github/advisory-database 14 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/getgrav/grav 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/hashicorp/consul 11 https://github.com/argoproj/argo-cd 11 https://github.com/apache/nifi 11 https://github.com/go-gitea/gitea 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/strapi/strapi 10 https://github.com/gradio-app/gradio 10 https://github.com/apache/camel 9 https://github.com/rusqlite/rusqlite 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/openstack/keystone 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cloudfoundry/uaa 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cui2shark/cms 9 https://github.com/matrix-org/synapse 8 https://github.com/cobbler/cobbler 8 https://github.com/dotnet/aspnetcore 8 https://github.com/bcgit/bc-java 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/apache/cxf 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/shopware/platform 8 https://github.com/nats-io/nats-server 8 https://github.com/snipe/snipe-it 8 https://github.com/denoland/deno 8 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/saltstack/salt 7 https://github.com/smarty-php/smarty 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/laravel/framework 7 https://github.com/composer/composer 7 https://github.com/spring-projects/spring-security 7 https://github.com/directus/directus 7 https://github.com/rubygems/rubygems 7 https://github.com/eclipse/jetty.project 7 https://github.com/hashicorp/vault 7 https://github.com/netty/netty 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/OPCFoundation/UA-.NETStandard 7 https://github.com/contao/contao 6 https://github.com/dromara/hutool 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gogs/gogs 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/faucetsdn/ryu 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/cilium/cilium 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/npm/node-tar 6 https://github.com/OpenNMS/opennms 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nautobot/nautobot 6 https://github.com/xuxueli/xxl-job 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/TYPO3-CMS/core 6 https://github.com/intelliants/subrion 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/vercel/next.js 6 https://github.com/istio/istio 6 https://github.com/bodil/sized-chunks 6 https://github.com/Pylons/waitress 6 https://github.com/WWBN/AVideo 6 https://github.com/ls1intum/Ares 6 https://github.com/opencast/opencast 6 https://github.com/geoserver/geoserver 6 https://github.com/froxlor/froxlor 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/traefik/traefik 6 https://github.com/sequelize/sequelize 6 https://github.com/backstage/backstage 6 https://github.com/guzzle/guzzle 6 https://github.com/gravitl/netmaker 6 https://github.com/cakephp/cakephp 5 https://github.com/apache/hadoop 5 https://github.com/answerdev/answer 5 https://github.com/drupal/core 5 https://github.com/pear/Archive_Tar 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/twisted/twisted 5 https://github.com/getkirby/kirby 5 https://github.com/apache/kylin 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/cri-o/cri-o 5 https://github.com/docker/docker 5 https://github.com/phpseclib/phpseclib 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/zendframework/zendframework 5 https://github.com/zopefoundation/Zope 5 https://github.com/yiisoft/yii2 5 https://github.com/aubio/aubio 5 https://github.com/forkcms/forkcms 5 https://github.com/apache/dolphinscheduler 5 https://github.com/ethereum/go-ethereum 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/hpcng/singularity 5 https://github.com/tidwall/gjson 4 https://github.com/openstack/nova 4 https://github.com/jettison-json/jettison 4 https://github.com/free5gc/free5gc 4 https://github.com/containers/podman 4 https://github.com/ethyca/fides 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/silverstripe/silverstripe-graphql 4 https://github.com/nltk/nltk 4 https://github.com/nightcloudos/new_cms 4 https://github.com/apache/geode 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/surrealdb/surrealdb 4 https://github.com/libp2p/go-libp2p 4 https://github.com/cloudflare/cfrpki 4 https://github.com/vrana/adminer 4 https://github.com/getsentry/sentry 4 https://github.com/centreon/centreon-archived 4 https://github.com/fiveai/Cachet 4 https://github.com/bolt/bolt 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/totaljs/framework 4 https://github.com/containers/buildah 4 https://github.com/npm/cli 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/wixtoolset/issues 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/igniterealtime/Openfire 4 https://github.com/sebhildebrandt/systeminformation 4 https://github.com/decidim/decidim 4 https://github.com/apple/swift-nio-http2 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/opencart/opencart 4 https://github.com/jupyterhub/oauthenticator 4 https://github.com/opencontainers/runc 4 https://github.com/Codiad/Codiad 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/playframework/playframework 4 https://github.com/hashicorp/nomad 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/hashicorp/go-getter 4 https://github.com/baserproject/basercms 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/vantage6/vantage6 4