Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1jNjM2LWNnNXItMjQ5OM4AA8jW
Symfony XML Entity Expansion security vulnerability
Ecosystems: packagist
Packages: symfony/dependency-injection
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 32 minutes ago
High
GSA_kwCzR0hTQS00cm1nLTI5Mm0td2czd84AA8jS
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: about 2 hours ago
High
GSA_kwCzR0hTQS05MjdwLXhyYzIteDJnas4AA8jJ
ansibleguy-webui Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: ansibleguy-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 23 hours ago
High
GSA_kwCzR0hTQS14YzY5LXA4ZmMtbTZtNc4AA8i_
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
Ecosystems: packagist
Packages: silverstripe/subsites
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 1 day ago
High
GSA_kwCzR0hTQS1wMnY1LXhjcW0tNGZ2Ns4AA8i-
silverstripe/taxonomy SQL Injection vulnerability
Ecosystems: packagist
Packages: silverstripe/taxonomy
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 1 day ago
High
GSA_kwCzR0hTQS04YzhxLTJ4dzMtajg2Oc4AA8i6
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
Ecosystems: rubygems
Packages: rack-contrib
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 1 day ago
High
GSA_kwCzR0hTQS1nM2hyLXA4NnAtNTkzaM4AA8i5
OpenAPI Generator Online - Arbitrary File Read/Delete
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS13amc5LXY4Y2YtZjVxMs4AA8i3
silverstripe/graphql Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 1 day ago
High
GSA_kwCzR0hTQS0yNjVxLTIyMngtNTJtNs4AA8i2
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 1 day ago
High
GSA_kwCzR0hTQS1jd2dxLTgzdzUtOGpmcc4AA8i1
silverstripe/framework has possible denial of service attack vector when flushing
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 1 day ago
High
GSA_kwCzR0hTQS12Y2c2LThmeGMteDVjcc4AA8iz
silverstripe/framework allows upload of dangerous file types
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 2 days ago
High
GSA_kwCzR0hTQS12Z3hoLXg4anYtaG1mZs4AA8iv
silverstripe/framework code execution vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 2 days ago
High
GSA_kwCzR0hTQS1tNXEzLW12Y3ItZ2M1bc4AA8iu
silverstripe/framework BackURL validation bypass with malformed URLs
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 2 days ago
High
GSA_kwCzR0hTQS14eDRyLTUyNjUtNDhqNs4AA8iq
silverstripe/framework SQL injection in full text search
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1tcWpjLXg1NjMtYzlxOM4AA8io
silverstripe/framework CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 2 days ago
High
GSA_kwCzR0hTQS03bTJ2LXg3cmctNWhtNc4AA8in
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS00cXg4LWo5dmgtMjYyOM4AA8im
silverstripe/framework's User-Agent header not correctly invalidating user session
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 2 days ago
High
GSA_kwCzR0hTQS1oZmc3LWo4MmMtZnIzd84AA8iY
Soot Infinite Loop vulnerability
Ecosystems: maven
Packages: org.soot-oss:soot
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 5 days ago
High
GSA_kwCzR0hTQS0zOTY1LWhweDItcTU5N84AA8iR
Pug allows JavaScript code execution if an application accepts untrusted input
Ecosystems: npm
Packages: pug, pug-code-gen
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: 5 days ago
High
GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht
Silverstripe X-Forwarded-Host request hostname injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 6 days ago
High
GSA_kwCzR0hTQS0zbW05LTJwNDQtcnczOc4AA8gM
Silverstripe SiteTree Creation Permission Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 7 days ago
High
GSA_kwCzR0hTQS14Z3doLWNndjktNzgzds4AA8f0
Ghost allows CSV Injection during member CSV export
Ecosystems: npm
Packages: @tryghost/members-csv
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 7 days ago
High
GSA_kwCzR0hTQS03dzQ3LTN3ZzgtNTQ3Y84AA8fW
gix traversal outside working tree enables arbitrary code execution
Ecosystems: cargo
Packages: gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 7 days ago
High
GSA_kwCzR0hTQS1xdjZ4LTUzamotdnc1Oc4AA8df
NASA AIT-Core uses unencrypted channels to exchange data over the network
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 8 days ago
High
GSA_kwCzR0hTQS05cGh3LTdoOTYtcTNyds4AA8ab
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1oNm1wLW1jN2ctbWc0Oc4AA8aa
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1wajI3LTJ4dnAtNHF4Z84AA8aZ
@fastify/session reuses destroyed session cookie
Ecosystems: npm
Packages: @fastify/session
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 8 days ago
High
GSA_kwCzR0hTQS01Zjk3LWgyYzItODI2cc4AA8WE
json-schema-ref-parser Prototype Pollution issue
Ecosystems: npm
Packages: @apidevtools/json-schema-ref-parser
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: 9 days ago
High
GSA_kwCzR0hTQS0yZzk4LWY5anYtdzhjNc4AA8V2
robrichards/xmlseclibs XPath injection
Ecosystems: packagist
Packages: robrichards/xmlseclibs
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 9 days ago
High
GSA_kwCzR0hTQS0yZjQ2LTR4am0tNzN4Nc4AA8Vw
Passbolt API Stored XSS on first/last name during setup
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1jdjVjLTJxdjUtdzJtMs4AA8Vv
Passbolt Api Remote code execution
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1xeHFmLTJtZngteDhqd84AA8Vj
veraPDF has potential XSLT injection vulnerability when using policy files
Ecosystems: maven
Packages: org.verapdf:library-jakarta, org.verapdf:library, org.verapdf:library-arlington, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 days ago
High
GSA_kwCzR0hTQS05MzI4LWdjZnEtcDI2Oc4AA8R0
Tor Arti's STUB circuits incorrectly have a length of 2
Ecosystems: cargo
Packages: tor-circmgr, arti
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 12 days ago
High
GSA_kwCzR0hTQS03Z2dtLTRyamctNTk0d84AA8R2
litellm passes untrusted data to `eval` function without sanitization
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1yMnI4LTM2cHEtMjdjbc4AA8Rw
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Ecosystems: packagist
Packages: nzo/url-encryptor-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS02Y2ozLXJjNHAtZjM4Zs4AA8Ru
Cross-site Scripting vulnerabilities in Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS0zYzVnLTczZjctZ3J2bc4AA8Rr
Neos Information Disclosure Security Note
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1oeGhjLXdtZzgteHJxZs4AA8Rm
namshi/jose insecure JSON Web Signatures (JWS)
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1wdzM4LXh2OXgtaDhjaM4AA8Jv
RunGptLLM class in LlamaIndex has a command injection
Ecosystems: pypi
Packages: llama-index-llms-rungpt, llama-index
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 13 days ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 13 days ago
High
GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
laravel framework SQL Injection via limit and offset functions
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS02anZ4LThjaDktajJqcs4AA8In
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0yODY3LTZycm0tMzhncs4AA8Ih
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0yZ3EyLW02MjgtMzN4cM4AA8Ic
gregwar/rst Local File Inclusion Vulnerability
Ecosystems: packagist
Packages: gregwar/rst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0yNmhwLWNnamotbTJqM84AA8IZ
fuel/core ImageMagick driver does not escape all shell arguments.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
FOSUserBundle Session Hijacking Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0zZzQzLXhmcnctcHY1bc4AA8IS
eZ Platform User data disclosure
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS05ODk1LTI2d3ItNGZnds4AA8IP
EZsystems Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS14OHhtLXdyanEtNWc1NM4AA8H3
Stakater Forecastle has a directory traversal vulnerability
Ecosystems: go
Packages: github.com/stakater/Forecastle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1wOW1wLXZxNHYtdjVtNc4AA8Hv
eZ Publish Legacy Passwordless login for LDAP users
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS00NXFtLWo0bTktd2h2Oc4AA8Hm
eZ Platform CSRF token in login form is disabled by default
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1oZnBwLTJ2aHctcXE0M84AA8Hl
eZ Platform Admin UI Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-user
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0ydzlwLXh4cXItaDI1M84AA8Hk
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1jZzg0LTU1angtNDIzN84AA8Hi
eZ Platform Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS05Y3EyLXBjZ3ItOGg2Ms4AA8Hf
Cross-site Scripting in eZFind spellcheck
Ecosystems: packagist
Packages: ezsystems/ezfind-ls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1qcTlxLTZwNDItcXByN84AA8Hc
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/ezdemo-ls-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS04Yzg1LTRycjUtY2hyNM4AA8Hd
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/demobundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1qNjZwLWZ2cDItZnhoas4AA8HZ
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 14 days ago
High
GSA_kwCzR0hTQS1tOWZ2LXdocTItNndtY84AA8HW
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 14 days ago
High
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 14 days ago
High
GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 14 days ago
High
GSA_kwCzR0hTQS12anJnLXdwbTgtcmhyd84AA8HA
doctrine/orm Regression in Query Parenthesis can have Security Implications
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS03Nnc4LW1xeDQtd2pyZs4AA8G8
Doctrine DBAL SQL injection possibility
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 14 days ago
High
GSA_kwCzR0hTQS13cTQzLThyNXAtdzNtY84AA8G6
contao/core PHP object injection vulnerability allows for arbitrary code execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
OpenCFP Framework (Sentry) Account takeover via null password reset codes
Ecosystems: packagist
Packages: cartalyst/sentry
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 14 days ago
High
GSA_kwCzR0hTQS1wZ2o0LWc1ajQtY21meM4AA8GO
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
Ecosystems: packagist
Packages: cart2quote/module-quotation-encoded
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 14 days ago
High
GSA_kwCzR0hTQS0zMnJ4LXh2dnItNHh2Oc4AA8GH
easyadmin-extension-bundle action case insensitivity
Ecosystems: packagist
Packages: alterphp/easyadmin-extension-bundle
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 14 days ago
High
GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
Ecosystems: packagist
Packages: 3f/pygmentize
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 14 days ago
High
GSA_kwCzR0hTQS1mOHY1LWptZmgtcHI2Oc4AA8GC
Grav Vulnerable to Arbitrary File Read to Account Takeover
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 14 days ago
High
GSA_kwCzR0hTQS1wOTc4LTU2aHEtcjQ5Ms4AA8Ex
Grafana folders admin only permission privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 15 days ago
High
GSA_kwCzR0hTQS1teDQ3LTY0OTctM2Z2Ms4AA8En
Grafana account takeover via OAuth vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 15 days ago
High
GSA_kwCzR0hTQS12dzdxLXAycWctNG01Zs4AA8El
Grafana Stored Cross-site Scripting in Unified Alerting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 15 days ago
High
GSA_kwCzR0hTQS1oZjU0LWZxMm0tcDl2Ns4AA8Eb
dotmesh arbitrary file read and/or write
Ecosystems: go
Packages: github.com/dotmesh-io/dotmesh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
High
GSA_kwCzR0hTQS0ydmpxLWhnNXctNWdtN84AA8EL
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 15 days ago
High
GSA_kwCzR0hTQS02d3ZmLWYydnctMzQyNc4AA78t
github.com/containers/image allows unexpected authenticated registry accesses
Ecosystems: go
Packages: github.com/containers/image/v5, github.com/containers/image
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 15 days ago
High
GSA_kwCzR0hTQS1yMmhyLTR2NDgtZmp2M84AA74u
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 16 days ago
High
GSA_kwCzR0hTQS1oNnI0LXh2dzYtamM1aM4AA74t
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 16 days ago
High
GSA_kwCzR0hTQS05M3gzLW03cHctcHBxbc4AA74k
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 16 days ago
High
GSA_kwCzR0hTQS1qY3FxLWc2NHYtZ2NtN84AA74Z
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Ecosystems: go
Packages: github.com/spacemeshos/api, github.com/spacemeshos/go-spacemesh
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 19 days ago
High
GSA_kwCzR0hTQS1mcjVoLXJxcDgtbWo2Z84AA74P
Next.js Server-Side Request Forgery in Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 20 days ago
High
GSA_kwCzR0hTQS03N3I1LWd3M2otMm1wZs4AA74O
Next.js Vulnerable to HTTP Request Smuggling
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 20 days ago
High
GSA_kwCzR0hTQS14OXZjLTZoZnYtaGc4Y84AA74L
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Ecosystems: nuget
Packages: Npgsql
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 20 days ago
High
GSA_kwCzR0hTQS0zOGdmLXJoMnctZ21qN84AA74H
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: npm
Packages: @cyclonedx/cyclonedx-library
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 21 days ago
High
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS04N2hxLXE0Z3AtOXdyNM4AA70i
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
Ecosystems: npm
Packages: react-pdf
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 22 days ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
High
GSA_kwCzR0hTQS13Z3JtLTY3eGYtaGhwcc4AA7z7
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Ecosystems: npm
Packages: pdfjs-dist
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 22 days ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
High
GSA_kwCzR0hTQS0yZzY4LWMzcWMtODk4Nc4AA7xx
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 23 days ago
High
GSA_kwCzR0hTQS04M3B2LXFyMzMtMnZjZs4AA7xv
Litestar and Starlite vulnerable to Path Traversal
Ecosystems: pypi
Packages: litestar, starlite
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 23 days ago
High
GSA_kwCzR0hTQS00eGM5LThobXEtajY1Ms4AA7xu
go-ethereum vulnerable to DoS via malicious p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 23 days ago
High
GSA_kwCzR0hTQS1ncW1mLWpxZ3Ytdjhmd84AA7v4
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 26 days ago
High
GSA_kwCzR0hTQS03cGMzLXByM3EtNTh2Z84AA7v3
sagemaker-python-sdk Command Injection vulnerability
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 26 days ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 2,482
Ecosystems: 12
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-contrib-python 22 opencv-python 22 Pillow 21 com.jfinal:jfinal 21 salt 20 ansible 20 django 19 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 pocketmine/pocketmine-mp 17 openssl-src 17 apache-airflow 16 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 getgrav/grav 16 rdiffweb 15 parse-server 15 nilsteampassnet/teampass 15 github.com/hashicorp/consul 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 net.mingsoft:ms-mcms 14 silverstripe/framework 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 golang.org/x/net 13 rubygems-update 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.keycloak:keycloak-core 12 org.apache.openmeetings:openmeetings-parent 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 actionpack 11 intelliants/subrion 11 mautic/core 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/vault 11 org.keycloak:keycloak-parent 11 matrix-synapse 10 keystone 10 cobbler 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 org.springframework.security:spring-security-core 10 org.apache.nifi:nifi 10 github.com/nats-io/nats-server/v2 10 froxlor/froxlor 10 shopware/platform 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 Django 10 Microsoft.NetCore.App.Runtime.win-x86 9 org.bouncycastle:bcprov-jdk14 9 ckb 9 org.apache.struts.xwork:xwork-core 9 mercurial 9 rusqlite 9 org.apache.solr:solr-core 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 laravel/framework 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-arm 9 craftcms/cms 9 github.com/ethereum/go-ethereum 9 org.apache.hadoop:hadoop-main 9 smarty/smarty 8 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 shopware/core 8 org.bouncycastle:bcprov-jdk15 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x64 8 github.com/sylabs/singularity 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-x86 8 org.keycloak:keycloak-services 8 com.liferay.portal:release.portal.bom 7 cakephp/cakephp 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 snipe/snipe-it 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 codeigniter4/framework 7 next 7 org.apache.inlong:manager-pojo 7 magento/core 7 deno 7 org.eclipse.jetty:jetty-server 7 pillow 7 apache-superset 7 github.com/docker/docker 7 com.xuxueli:xxl-job 7 strapi 7 symfony/security 7 org.elasticsearch:elasticsearch 7 org.apache.commons:commons-compress 7 DotNetNuke.Core 7 org.springframework:spring-core 7 tar 7 phpmailer/phpmailer 7 cn.hutool:hutool-core 7 gogs.io/gogs 7 org.craftercms:crafter-studio 7 @strapi/strapi 6 opencv-contrib-python-headless 6 github.com/zitadel/zitadel 6 opencv-python-headless 6 org.apache.tomcat:tomcat-coyote 6 org.apache.camel:camel-core 6 npm 6 github.com/traefik/traefik/v2 6 org.apache.tika:tika-core 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 org.apache.cxf:cxf 6 cryptography 6 @openzeppelin/contracts 6 istio.io/istio 6 k8s.io/kubernetes 6 express-cart 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 de.tum.in.ase:artemis-java-test-sandbox 6 golang.org/x/crypto 6 nautobot 6 symfony/security-http 6 contao/contao 6 prestashop/prestashop 6 composer/composer 6 rack 6 ezsystems/ezpublish-kernel 6 sequelize 6 Microsoft.AspNetCore.All 6 github.com/hyperledger/fabric 6 contao/core-bundle 6 waitress 6 handlebars 6 sized-chunks 6 guzzlehttp/guzzle 6 wwbn/avideo 6 kiwitcms 6 Microsoft.NETCore.App 6 OPCFoundation.NetStandard.Opc.Ua.Core 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 phpbb/phpbb 5 pear/archive_tar 5 matrix-js-sdk 5 CefSharp.Common 5 plone 5 directus 5 nova 5 forkcms/forkcms 5 org.apache.xmlgraphics:batik 5 org.xwiki.platform:xwiki-platform-web 5 passenger 5 github.com/IBAX-io/go-ibax 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 ezsystems/ezpublish-legacy 5 github.com/answerdev/answer 5 @openzeppelin/contracts-upgradeable 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 org.apache.mesos:mesos 5 github.com/argoproj/argo-cd/v2 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/django/django 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/keycloak/keycloak 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/librenms/librenms 14 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/mlflow/mlflow 13 https://github.com/rails/rails 12 https://github.com/mautic/mautic 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/hashicorp/consul 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/cui2shark/cms 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/apache/camel 9 https://github.com/nervosnetwork/ckb 9 https://github.com/openstack/keystone 9 https://github.com/cloudfoundry/uaa 9 https://github.com/kubernetes/kubernetes 9 https://github.com/golang/go 9 https://github.com/rusqlite/rusqlite 9 https://github.com/strapi/strapi 9 https://github.com/cobbler/cobbler 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/denoland/deno 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/nats-io/nats-server 8 https://github.com/shopware/platform 8 https://github.com/eclipse/jetty.project 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/dotnet/aspnetcore 7 https://github.com/netty/netty 7 https://github.com/apache/activemq 7 https://github.com/DSpace/DSpace 7 https://github.com/laravel/framework 7 https://github.com/undertow-io/undertow 7 https://github.com/spring-projects/spring-security 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/cxf 7 https://github.com/rubygems/rubygems 7 https://github.com/smarty-php/smarty 7 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/magento/magento2 6 https://github.com/zitadel/zitadel 6 https://github.com/ls1intum/Ares 6 https://github.com/pyca/cryptography 6 https://github.com/Pylons/waitress 6 https://github.com/bodil/sized-chunks 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/WWBN/AVideo 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/guzzle/guzzle 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/gravitl/netmaker 6 https://github.com/OpenNMS/opennms 6 https://github.com/TYPO3/typo3 6 https://github.com/intelliants/subrion 6 https://github.com/backstage/backstage 6 https://github.com/froxlor/froxlor 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/npm/node-tar 6 https://github.com/opencast/opencast 6 https://github.com/CVEProject/cvelist 6 https://github.com/grafana/grafana 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/drupal/core 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/twisted/twisted 5 https://github.com/getkirby/kirby 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/docker/docker 5 https://github.com/hpcng/singularity 5 https://github.com/apache/hadoop 5 https://github.com/directus/directus 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/forkcms/forkcms 5 https://github.com/vercel/next.js 5 https://github.com/answerdev/answer 5 https://github.com/traefik/traefik 5 https://github.com/cakephp/cakephp 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ethereum/go-ethereum 5 https://github.com/apache/dolphinscheduler 5 https://github.com/cefsharp/CefSharp 5 https://github.com/zopefoundation/Zope 5 https://github.com/apache/kylin 5 https://github.com/geoserver/geoserver 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/gogs/gogs 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/cilium/cilium 5 https://github.com/hashicorp/nomad 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/baserproject/basercms 4 https://github.com/silverstripe/silverstripe-graphql 4 https://github.com/cloudflare/cfrpki 4 https://github.com/openstack/nova 4 https://github.com/totaljs/framework 4 https://github.com/wixtoolset/issues 4 https://github.com/vantage6/vantage6 4 https://github.com/cri-o/cri-o 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/statamic/cms 4 https://github.com/Froxlor/Froxlor 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/apache/geode 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/PrismJS/prism 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/containers/buildah 4 https://github.com/bolt/bolt 4 https://github.com/containers/podman 4 https://github.com/free5gc/free5gc 4 https://github.com/ethyca/fides 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/fiveai/Cachet 4 https://github.com/igniterealtime/Openfire 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/Codiad/Codiad 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/surrealdb/surrealdb 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/ericcornelissen/shescape 4 https://github.com/yiisoft/yii2 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/centreon/centreon-archived 4 https://github.com/apple/swift-nio-http2 4 https://github.com/npm/cli 4 https://github.com/playframework/playframework 4 https://github.com/libp2p/go-libp2p 4 https://github.com/nocodb/nocodb 4 https://github.com/quarkusio/quarkus 4 https://github.com/Marak/colors.js 3 https://github.com/liufee/cms 3 https://github.com/h2database/h2database 3 https://github.com/lodash/lodash 3