Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS14NW03LTYzYzYtZng3Oc4AA7T3
Cluster Monitoring Operator contains a credentials leak
Ecosystems: go
Packages: github.com/openshift/cluster-monitoring-operator
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 22 hours ago
High
GSA_kwCzR0hTQS02ZzU2LXY5cWctanA5Ms4AA7S7
Heketi Arbitrary Code Execution
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 2 days ago
High
GSA_kwCzR0hTQS1mOXhmLWpxNGotdnF3NM4AA7Sr
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 days ago
High
GSA_kwCzR0hTQS1wdnhqLTI1bTYtN3Zxcs4AA7Sq
Rancher Privilege escalation vulnerability via malicious "Connection" header
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 days ago
High
GSA_kwCzR0hTQS1ndmg5LXhncnEtcjhod84AA7Sp
Rancher's Steve API Component Improper authorization check allows privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 days ago
High
GSA_kwCzR0hTQS0yOGc3LTg5NmgtNjk1ds4AA7So
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 2 days ago
High
GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1yMjNoLTNqbXctcTdocs4AA7Sh
Access Restriction Bypass in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 2 days ago
High
GSA_kwCzR0hTQS1tcTM1LXg5OXItNTRmY84AA7Se
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/u-root/u-root/pkg/cpio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS01eHYzLWZtN2ctODY1cs4AA7R-
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS04cDVyLTZtdnYtMjQzNc4AA7R9
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS02MjRnLThxamctOHF4Zs4AA7QR
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Ecosystems: npm
Packages: @conform-to/yup, @conform-to/zod, @conform-to/dom
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
High
GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 4 days ago
High
GSA_kwCzR0hTQS0zaDZjLWM0NzUtam03ds4AA7PT
Arbitrary Code Execution in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 4 days ago
High
GSA_kwCzR0hTQS1xbW1tLTczcjItZjh4cs4AA7PR
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
Ecosystems: npm
Packages: @hoppscotch/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 4 days ago
High
GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 4 days ago
High
GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 days ago
High
GSA_kwCzR0hTQS1xd2h3LWhoOWotNTRmNc4AA7PI
Ant Media Server vulnerable to a local privilege escalation
Ecosystems: maven
Packages: io.antmedia:ant-media-server
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 4 days ago
High
GSA_kwCzR0hTQS03N3g0LTU1cTctNHZtas4AA7O1
Apache HugeGraph-Hubble: SSRF in Hubble connection page
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-hubble
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
High
GSA_kwCzR0hTQS02bWdwLXA3NXItdmhqbc4AA7O6
Apache HugeGraph-Server: Bypass whitelist in Auth mode
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1oZ3h3LTV4ZzMtNjlqeM4AA7Nw
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 7 days ago
High
GSA_kwCzR0hTQS02Zzd3LTh3cHAtZnJoas4AA7Nv
Infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
Ecosystems: cargo
Packages: rustls
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 days ago
High
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 8 days ago
High
GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 8 days ago
High
GSA_kwCzR0hTQS1qamZmLXEzcTQtNWhoOM4AA7Lu
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
Ecosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS03MnZwLXhmcmMtNDJ4bc4AA7JA
Keycloak path transversal vulnerability in redirection validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1tNnE5LXAzNzMtZzVxOM4AA7I_
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 9 days ago
High
GSA_kwCzR0hTQS02cW14LTQyaDItajhoNs4AA7I9
.NET Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x86, Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS04bTQ1LTJyam0tajM0N84AA7I8
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Ecosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 9 days ago
High
GSA_kwCzR0hTQS02cHBnLXJncmctZjU3M84AA7ET
Dolibarr vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
High
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 days ago
High
GSA_kwCzR0hTQS04Y3BoLW02ODUtNnY2cs4AA7DZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
GSA_kwCzR0hTQS0yd3JwLTZmZzYtaG1jNc4AA7Ch
Spring Framework URL Parsing with Host Validation
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: 10 days ago
High
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 11 days ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 days ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1qNjJyLXd4cXEtZjNnZs4AA7B4
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 days ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 days ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 11 days ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 days ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 11 days ago
High
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 14 days ago
High
GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 14 days ago
High
GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 14 days ago
High
GSA_kwCzR0hTQS00dnd4LTU0bXctdnFmd84AA69W
Traefik vulnerable to denial of service with Content-length header
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 14 days ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 14 days ago
High
GSA_kwCzR0hTQS1wM2o2LWY0NWgtaHc1Zs4AA68J
tiagorlampert CHAOS vulnerable to command injections
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 15 days ago
High
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 16 days ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 16 days ago
High
GSA_kwCzR0hTQS05d3dwLXE3d3EtangzNc4AA63x
@fastify/secure-session: Reuse of destroyed secure session cookie
Ecosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 16 days ago
High
GSA_kwCzR0hTQS1oanE2LTUyZ3ctMmc3cM4AA63l
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 16 days ago
High
GSA_kwCzR0hTQS1qcG14LTk5NnYtNDhmbc4AA62D
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron-http-oidc
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 16 days ago
High
GSA_kwCzR0hTQS1ndjN3LW01N3AtM3djNM4AA6wY
gin-vue-admin background arbitrary code coverage vulnerability
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin/server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 17 days ago
High
GSA_kwCzR0hTQS12NmYzLWdoNWgtbXF3eM4AA6wV
DIRAC: Unauthorized users can read proxy contents during generation
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 17 days ago
High
GSA_kwCzR0hTQS1odzQyLTM1Njgtd2o4N84AA6v1
google-oauth-java-client improperly verifies cryptographic signature
Ecosystems: maven
Packages: com.google.oauth-client:google-oauth-client
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 17 days ago
High
GSA_kwCzR0hTQS1mcmMyLXcyY2MteDc5NM4AA6vy
Eclipse Kura LogServlet vulnerability
Ecosystems: maven
Packages: org.eclipse.kura:org.eclipse.kura.web2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS12NG1tLXE4ZnYtcjJ3Nc4AA6vZ
WildFly Elytron: SSRF security issue
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron-realm-token
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 17 days ago
High
GSA_kwCzR0hTQS01ang1LWhxeDUtMnZyas4AA6uv
Ollama DNS rebinding vulnerability
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
High
GSA_kwCzR0hTQS1wMjh4LWhqNjgtN3ZmcM4AA6ug
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 18 days ago
High
GSA_kwCzR0hTQS14Zmh3LTZtYzQtbWd4Zs4AA6qR
crayon: ObjectPool creates uninitialized memory when freeing objects
Ecosystems: cargo
Packages: crayon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS13NXc1LTh2ZmgteGNqcc4AA6qQ
whoami stack buffer overflow on several Unix platforms
Ecosystems: cargo
Packages: whoami
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 21 days ago
High
GSA_kwCzR0hTQS00djUyLTdxMngtdjR4as4AA6qK
eyre: Parts of Report are dropped as the wrong type during downcast
Ecosystems: cargo
Packages: eyre
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 21 days ago
High
GSA_kwCzR0hTQS13N2htLWhteHYtcHZoZs4AA6qJ
HPACK decoder panics on invalid input
Ecosystems: cargo
Packages: hpack
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 21 days ago
High
GSA_kwCzR0hTQS14OXhjLTYzaGctdmNmcc4AA6qG
cassandra-rs's non-idiomatic use of iterators leads to use after free
Ecosystems: cargo
Packages: cassandra-cpp
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 21 days ago
High
GSA_kwCzR0hTQS01cGdnLTJnOHYtcDR4Oc4AA6pz
SheetJS Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 21 days ago
High
GSA_kwCzR0hTQS0yN2p4LWZmdzgteHJxds4AA6pB
pgAdmin Remote Code Execution (RCE) vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 22 days ago
High
GSA_kwCzR0hTQS1mOGg1LXYydmctNDZycs4AA6o6
quarkus-core leaks local environment variables from Quarkus namespace during application's build
Ecosystems: maven
Packages: io.quarkus:quarkus-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 22 days ago
High
GSA_kwCzR0hTQS02Y2Y2LThodnItcjY4d84AA6o3
dectalk-tts Uses Unencrypted HTTP Request
Ecosystems: npm
Packages: dectalk-tts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
High
GSA_kwCzR0hTQS13OGdmLWcydnEtajJmNM4AA6nf
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 23 days ago
High
GSA_kwCzR0hTQS1xamZ3LWN2amYtZjRmbc4AA6l3
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client, amphp/http
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 23 days ago
High
GSA_kwCzR0hTQS0ycTU5LWgyNGMtdzZmZ84AA6ks
Voilà Local file inclusion
Ecosystems: pypi
Packages: voila
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 23 days ago
High
GSA_kwCzR0hTQS1jMzN4LXhxcmYtYzQ3OM4AA6ir
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 24 days ago
High
GSA_kwCzR0hTQS01N3E1LWg2MjItM2NweM4AA6hD
UVDesk Community Helpdesk Improper Privilege Management
Ecosystems: packagist
Packages: uvdesk/core-framework
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 25 days ago
High
GSA_kwCzR0hTQS1qNHBjLXZxdmMtNHA5eM4AA6gs
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 25 days ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 25 days ago
High
GSA_kwCzR0hTQS0yajRnLXY0ZnYtcmh3Z84AA6g0
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 25 days ago
High
GSA_kwCzR0hTQS1xanZtLXA1dmctNDM3Y84AA6gr
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 25 days ago
High
GSA_kwCzR0hTQS0yMnY3LXYzbWotcG04cs4AA6gq
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 25 days ago
High
GSA_kwCzR0hTQS02MjZyLWNqNDctcDQ5Z84AA6gu
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 25 days ago
High
GSA_kwCzR0hTQS1jNGdyLXE5N2ctcHB3Y84AA6gY
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
GSA_kwCzR0hTQS1wbXd3LXY2YzktN3A4M84AA6gN
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Ecosystems: pypi
Packages: piccolo-admin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 25 days ago
High
GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executable
Ecosystems: npm
Packages: @electron/packager
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 28 days ago
High
GSA_kwCzR0hTQS13Mzg3LTVxcXctN2c4bc4AA6dw
Content-Security-Policy header generation in middleware could be compromised by malicious injections
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS04cjVqLWdtM2otY3g5Y84AA6dB
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS0zOWZwLW1xbW0tZ3hqNs4AA6c_
CodeIgniter4 DoS Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 28 days ago
High
GSA_kwCzR0hTQS04NzR2LXBqNzItOTJmM84AA6ay
Podman affected by CVE-2024-1753 container escape at build time
Ecosystems: go
Packages: github.com/containers/podman/v5, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 29 days ago
High
GSA_kwCzR0hTQS1oNng3LXI1cmcteDVmd84AA6aw
Serverpod client accepts any certificate
Ecosystems: pub
Packages: serverpod_client
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 29 days ago
High
GSA_kwCzR0hTQS1wd3FtLXg1eDYtNTU4Ns4AA6au
Cilium has insecure IPsec transport encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 29 days ago
High
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 29 days ago
High
GSA_kwCzR0hTQS1ocjV3LWN3d3EtMnY0bc4AA6as
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
High
GSA_kwCzR0hTQS0yZzRjLThmcG0tYzQ2ds4AA6YV
web3-utils Prototype Pollution vulnerability
Ecosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: 30 days ago
High
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Statistics
Advisories: 18,139
Packages: 8,241
Repositories: 2,415
Ecosystems: 12
Filter by Severity
Moderate 7,815 High 6,287 Critical 2,787 Low 966
Filter by Ecosystem
maven 1,873 npm 1,397 pypi 1,118 packagist 1,012 nuget 785 go 686 cargo 322 rubygems 283 swift 16 hex 8 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 43 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 29 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/core 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 typo3/cms 22 opencv-python 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 drupal/drupal 20 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 django 19 typo3/cms-core 18 librenms/librenms 18 org.jenkins-ci.plugins:script-security 17 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 parse-server 15 nilsteampassnet/teampass 15 rdiffweb 15 salt 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 getgrav/grav 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 golang.org/x/net 13 github.com/usememos/memos 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 activerecord 12 electron 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 github.com/hashicorp/vault 11 actionpack 11 intelliants/subrion 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 Plone 11 github.com/nats-io/nats-server/v2 11 mautic/core 11 github.com/argoproj/argo-cd 11 matrix-synapse 10 cobbler 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 github.com/hashicorp/nomad 10 org.apache.nifi:nifi 10 openmage/magento-lts 10 shopware/platform 10 froxlor/froxlor 10 org.springframework.security:spring-security-core 10 org.apache.geode:geode-core 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 ckb 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.solr:solr-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 craftcms/cms 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.keycloak:keycloak-services 8 shopware/core 8 october/system 8 github.com/sylabs/singularity 8 gradio 8 org.bouncycastle:bcprov-jdk15 8 github.com/ethereum/go-ethereum 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-x86 8 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 com.liferay.portal:release.portal.bom 7 github.com/docker/docker 7 smarty/smarty 7 snipe/snipe-it 7 tar 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 DotNetNuke.Core 7 org.eclipse.jetty:jetty-server 7 cakephp/cakephp 7 gogs.io/gogs 7 cn.hutool:hutool-core 7 org.apache.commons:commons-compress 7 apache-superset 7 symfony/security 7 phpmailer/phpmailer 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 magento/core 7 pillow 7 deno 6 github.com/zitadel/zitadel 6 github.com/traefik/traefik/v2 6 org.apache.tomcat:tomcat-coyote 6 @openzeppelin/contracts 6 guzzlehttp/guzzle 6 Microsoft.NETCore.App 6 contao/contao 6 contao/core-bundle 6 opencv-python-headless 6 opencv-contrib-python-headless 6 Microsoft.AspNetCore.All 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 github.com/gravitl/netmaker 6 express-cart 6 k8s.io/kubernetes 6 istio.io/istio 6 npm 6 github.com/hyperledger/fabric 6 waitress 6 sized-chunks 6 kiwitcms 6 org.apache.camel:camel-core 6 cryptography 6 laravel/framework 6 org.apache.inlong:manager-pojo 6 org.apache.cxf:cxf 6 @strapi/strapi 6 wwbn/avideo 6 org.apache.tika:tika-core 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 golang.org/x/crypto 6 de.tum.in.ase:artemis-java-test-sandbox 6 handlebars 6 rack 6 sequelize 6 passenger 5 org.apache.tomcat:tomcat-catalina 5 matrix-js-sdk 5 directus 5 ua-parser-js 5 forkcms/forkcms 5 com.vaadin:vaadin-bom 5 Microsoft.AspNetCore.App 5 next 5 twisted 5 org.apache.mesos:mesos 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 serve 5 github.com/answerdev/answer 5 zope 5 github.com/cilium/cilium 5 statamic/cms 5 CefSharp.Common 5 getkirby/cms 5 @openzeppelin/contracts-upgradeable 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 pear/archive_tar 5 aubio 5 github.com/nats-io/jwt 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 github.com/opencontainers/runc 5 org.xwiki.platform:xwiki-platform-web 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/x-stream/xstream 22 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 18 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/usememos/memos 13 https://github.com/apache/inlong 13 https://github.com/getgrav/grav 13 https://github.com/mlflow/mlflow 12 https://github.com/jenkinsci/script-security-plugin 12 https://github.com/rails/rails 12 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/go-gitea/gitea 10 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/gradio-app/gradio 8 https://github.com/shopware/platform 8 https://github.com/nats-io/nats-server 8 https://github.com/matrix-org/synapse 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/cobbler/cobbler 8 https://github.com/bcgit/bc-java 8 https://github.com/hashicorp/vault 7 https://github.com/rubygems/rubygems 7 https://github.com/eclipse/jetty.project 7 https://github.com/snipe/snipe-it 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/spring-projects/spring-security 7 https://github.com/DSpace/DSpace 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/undertow-io/undertow 7 https://github.com/denoland/deno 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/xuxueli/xxl-job 6 https://github.com/CVEProject/cvelist 6 https://github.com/gravitl/netmaker 6 https://github.com/istio/istio 6 https://github.com/opencast/opencast 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/guzzle/guzzle 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/zitadel/zitadel 6 https://github.com/backstage/backstage 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/apache/activemq 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/OpenNMS/opennms 6 https://github.com/contao/contao 6 https://github.com/Pylons/waitress 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/WWBN/AVideo 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/sequelize/sequelize 6 https://github.com/froxlor/froxlor 6 https://github.com/dromara/hutool 6 https://github.com/TYPO3/typo3 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/intelliants/subrion 6 https://github.com/laravel/framework 5 https://github.com/docker/docker 5 https://github.com/tidwall/gjson 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/saltstack/salt 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/cefsharp/CefSharp 5 https://github.com/apache/hadoop 5 https://github.com/gogs/gogs 5 https://github.com/hpcng/singularity 5 https://github.com/composer/composer 5 https://github.com/aubio/aubio 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/directus/directus 5 https://github.com/drupal/core 5 https://github.com/cilium/cilium 5 https://github.com/pear/Archive_Tar 5 https://github.com/apache/dolphinscheduler 5 https://github.com/forkcms/forkcms 5 https://github.com/cakephp/cakephp 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/twisted/twisted 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/traefik/traefik 5 https://github.com/answerdev/answer 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/geoserver/geoserver 5 https://github.com/zopefoundation/Zope 5 https://github.com/statamic/cms 4 https://github.com/cloudflare/cfrpki 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/npm/cli 4 https://github.com/apache/geode 4 https://github.com/ethyca/fides 4 https://github.com/quarkusio/quarkus 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/Codiad/Codiad 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/Froxlor/Froxlor 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/PrismJS/prism 4 https://github.com/opencontainers/runc 4 https://github.com/free5gc/free5gc 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/ericcornelissen/shescape 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/playframework/playframework 4 https://github.com/phpseclib/phpseclib 4 https://github.com/containers/podman 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/surrealdb/surrealdb 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/wixtoolset/issues 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/bolt/bolt 4 https://github.com/igniterealtime/Openfire 4 https://github.com/fiveai/Cachet 4 https://github.com/hashicorp/nomad 4 https://github.com/libp2p/go-libp2p 4 https://github.com/centreon/centreon-archived 4 https://github.com/totaljs/framework 4 https://github.com/baserproject/basercms 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/containers/buildah 4 https://github.com/nautobot/nautobot 4 https://github.com/ethereum/go-ethereum 4 https://github.com/jenkinsci/gitlab-plugin 3 https://github.com/onionshare/onionshare 3 https://github.com/rack/rack 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/nextauthjs/next-auth 3 https://github.com/digitalbazaar/forge 3 https://github.com/microsoft/msquic 3 https://github.com/authzed/spicedb 3 https://github.com/TryGhost/Ghost 3 https://github.com/npm/npm 3 https://github.com/siderolabs/talos 3 https://github.com/h2database/h2database 3 https://github.com/getsentry/sentry 3 https://github.com/sylabs/singularity 3