Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1oZnJnLTRqd3ItamZwas4AA6Gn
Improper HTML sanitization in ZITADEL
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
High
GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk
Intermittent HTTP policy bypass
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 29 days ago
High
GSA_kwCzR0hTQS02djg1LXdyOTItcTRwN84AA6Gh
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 29 days ago
High
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 29 days ago
High
GSA_kwCzR0hTQS1mM2poLXF2bTQtbWczOc4AA6FU
Erroneous authentication pass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 29 days ago
High
GSA_kwCzR0hTQS1oZ2poLTlyajItZzY3as4AA6DE
Spring Framework URL Parsing with Host Validation Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS00amhqLTNndjMtYzNncs4AA6CS
CLI for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12OG14LWhwMnEtZ3c4Nc4AA6CR
Golang SDK for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS02OXA0LWo1djUteDIzNM4AA6CQ
Server/API for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03djM4LXczMm0td3g0bc4AA6CP
Types for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/types
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ycXBoLXFwdm0tMnFmN84AA6CO
tls-listener affected by the slow loris vulnerability with default configuration
Ecosystems: cargo
Packages: tls-listener
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zMmpxLW12ODktNXJ4N84AA6CL
CoreWCF NetFraming based services can leave connections open when they should be closed
Ecosystems: nuget
Packages: CoreWCF.NetFramingBase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS13NXd4LTZnMnItcjc4cc4AA6CJ
Nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yeDdtLWdmODUtMzc0Nc4AA587
Remote Denial of Service Vulnerability in Microsoft QUIC
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jMzVoLXc4aGotbW01Nc4AA574
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-proxy
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS14cDJyLWc4cXEtNDRoaM4AA577
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jMng5LXZ3NWgtMzl2Y84AA57_
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qZzJnLTRyamctY21xaM4AA57-
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ZnhqLXdoY3YtY3JyY84AA570
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.osx-arm64, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qN2ptLThnZjUtZnJjbc4AA50O
nGrinder vulnerable to unsafe Java objects deserialization
Ecosystems: maven
Packages: org.ngrinder:ngrinder-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ycGMyLWg5N2gtMm1td84AA5zd
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04dmNnLXY3ZzQtM3ZyN84AA5zn
Jenkins HTML Publisher Plugin does not properly sanitize input
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS14cnJ3LTlqNzgtaHBmM84AA5zs
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ajc0LWczYzUtd3F3d84AA5za
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitbucket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05cHA0LW14NngteGgzNs4AA5zX
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-check-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ajVyLTZtdjktbTI1Nc4AA5zY
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-monitor-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS02cTR3LTl4NTYtcm13cc4AA5zQ
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS14YzdqLXdqMzYtcWpmcs4AA5zL
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any file
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wMmd4LTQ0MzQtcGY2Z84AA5y_
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS13cnF2LXBmNmotbXFqcM4AA5xo
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS02NXg3LWMyNzItN2c3cs4AA5xd
Use After Free in SixLabors.ImageSharp
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI
Incorrect TLS certificate auth method in Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS03Y2MyLXI2NTgtN3hwZs4AA5wH
Coder's OIDC authentication allows email with partially matching domain to register
Ecosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
Ecosystems: cargo
Packages: mio
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yNHBmLTN2N3ItaGg1Nc4AA5wC
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oM203LXJxYzQtN2g5cM4AA5sZ
Integer overflow in chunking helper causes dispatching to miss elements or panic
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file write
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xdzlnLTc1NDktN3dnNc4AA5r0
Directus has MySQL accent insensitive email matching
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS14aDZtLTdjcjcteHg2Ns4AA5jR
Missing permission checks on Hazelcast client protocol
Ecosystems: maven
Packages: com.hazelcast:hazelcast
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yZ2hjLTlmaHgtaDMybc4AA5hV
Apache Ambari: authenticated users could perform command injection to perform RCE
Ecosystems: maven
Packages: org.apache.ambari.contrib.views:ambari-contrib-views
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yZ2d2LWN2N3ItbXc5OM4AA5gs
Connection leaking on idle timeout when TCP congested
Ecosystems: maven
Packages: org.eclipse.jetty.http3:jetty-http3-common, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http3:http3-common, org.eclipse.jetty.http2:http2-common
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wd3IyLTR2MzYtNnFwcs4AA5gF
orjson does not limit recursion for deeply nested JSON documents
Ecosystems: pypi
Packages: orjson
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS02NzQ5LW01Y3AtNmNnN84AA5e2
Cross-site Scripting in MLFlow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zdjc5LXE3cGgtajc1aM4AA5e3
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS13aGg4LWZqZ2MtcXA3M84AA5ep
Onnx Directory Traversal vulnerability
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yZmM5LXhwcDgtMmc5aM4AA5ef
`@backstage/backend-common` vulnerable to path traversal through symlinks
Ecosystems: npm
Packages: @backstage/backend-common
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jY2d2LXZqNjIteGY5aM4AA5d5
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yYzRwLXAzajktNjU3N84AA5ds
pypqc private key retrieval vulnerability
Ecosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01NzhwLWZ4bW0tNjIyOc4AA5dr
Potentially untrusted input is rendered as HTML in final output
Ecosystems: pypi
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yNTNoLWp2MmctdnB4Ns4AA5dg
Helm's Missing YAML Content Leads To Panic
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jcDY4LXFyaHItZzloOM4AA5Zx
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNzVnLTM5anEtdnE3bc4AA5Zw
Potential buffer overflow in CBOR2 decoder
Ecosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xM2dnLW04aHItaDR4NM4AA5Zu
Externally Controlled Format String in Scripting Functions
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zcXBxLTZ3ODktZjdteM4AA5Zp
Pimcore Host Header Injection in user invitation link
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tY3FqLTdwMjktOTUyOM4AA5Zo
MantisBT Host Header Injection vulnerability
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS14NXBtLWgzM3EtY2pyd84AA5Zl
Improper Certificate Validation in apache airflow mongo hook
Ecosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Deserialization of Untrusted Data in Apache Camel CassandraQL
Ecosystems: maven
Packages: org.apache.camel:camel-cassandraql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNnhyLTR4MmYtY2ZqOc4AA5ZD
Deserialization of Untrusted Data in Apache Camel SQL
Ecosystems: maven
Packages: org.apache.camel:camel-sql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zN2d4LWpxeDktZndtZ84AA5Yi
Improper Certificate Validation in Apache DolphinScheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mZjJ3LXdtNDgtamhxas4AA5Yj
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xd3h4LXh3dzYtOHE4bc4AA5Yb
Remote Code Execution in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS13M3c2LTI2ZjItcDQ3NM4AA5YR
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wM3J2LXFqNTYtMmZxeM4AA5YM
Cross-site Scripting in Pyhtml2pdf
Ecosystems: pypi
Packages: pyhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zamN2LTVmOXAtMmYycM4AA5YN
Cross-site Scripting in electron-pdf
Ecosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS00ODdnLTNtM3YtaGpocc4AA5Xz
Uncontrolled Resource Consumption in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS00MjY1LWNjZjUtcGhqNc4AA5Xn
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS00ZzlyLXZ4aHgtOXBneM4AA5Xm
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS03ZjJ2LTU4NzctcngzeM4AA5Wz
Code injection in REDAXO
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS13NGh2LXZtdjktaGdjcs4AA5Vm
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
High
GSA_kwCzR0hTQS03ajdtLXY3bTMtanFtN84AA5Vh
Scrapy decompression bomb vulnerability
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jdzlqLXEzdmYtaHJyds4AA5Ui
Scrapy authorization header leakage on cross-domain redirect
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jYzY1LXh4dmYtZjdyOc4AA5UB
Scrapy vulnerable to ReDoS via XMLFeedSpider
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS04NHh2LWpmcm0taDRnbc4AA5Rh
registry-support: decompress can delete files outside scope via relative paths
Ecosystems: go
Packages: github.com/devfile/registry-support/registry-library
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 2 months ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jbWg5LXJ4ODUteGozOM4AA5P5
XSS sidekiq-unique-jobs UI server vulnerability
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 2 months ago
High
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoS
Ecosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 2 months ago
High
GSA_kwCzR0hTQS0yMnE4LWdobXEtNjN2Zs4AA5N4
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
Ecosystems: cargo
Packages: libgit2-sys
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 2 months ago
High
GSA_kwCzR0hTQS02cDkyLXFmcWYtcXd4NM4AA5N0
OpenRefine JDBC Attack Vulnerability
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 2 months ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 2 months ago
High
GSA_kwCzR0hTQS1ycjY5LXJ4cjYtOHF3Zs4AA5MJ
serde-json-wasm stack overflow during recursive JSON parsing
Ecosystems: cargo
Packages: serde-json-wasm
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 2 months ago
Statistics
Advisories: 17,438
Packages: 8,107
Repositories: 2,366
Ecosystems: 12
Filter by Severity
Moderate 7,458 High 6,088 Critical 2,659 Low 952
Filter by Ecosystem
maven 1,857 npm 1,385 pypi 1,095 nuget 898 packagist 847 go 667 cargo 322 rubygems 282 swift 16 hex 8 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 54 org.jenkins-ci.main:jenkins-core 48 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 38 moodle/moodle 31 microweber/microweber 27 nokogiri 25 pimcore/pimcore 25 org.apache.struts:struts2-core 23 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 typo3/cms 20 django 19 thorsten/phpmyfaq 19 ansible 17 openssl-src 17 typo3/cms-core 17 org.jenkins-ci.plugins:script-security 17 dolibarr/dolibarr 17 pocketmine/pocketmine-mp 17 apache-airflow 16 mlflow 16 symfony/symfony 15 rdiffweb 15 parse-server 15 librenms/librenms 15 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 centreon/centreon 14 vyper 14 net.mingsoft:ms-mcms 14 getgrav/grav 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 golang.org/x/net 13 github.com/rancher/rancher 13 github.com/usememos/memos 13 activerecord 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 org.apache.openmeetings:openmeetings-parent 12 baserproject/basercms 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.apache.tomcat.embed:tomcat-embed-core 11 org.keycloak:keycloak-parent 11 nilsteampassnet/teampass 11 actionpack 11 drupal/core 11 github.com/nats-io/nats-server/v2 11 github.com/hashicorp/vault 11 phpmyadmin/phpmyadmin 11 io.undertow:undertow-core 11 Plone 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/nomad 10 org.apache.nifi:nifi 10 openmage/magento-lts 10 matrix-synapse 10 cockpit-hq/cockpit 10 cobbler 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.springframework.security:spring-security-core 10 intelliants/subrion 9 Microsoft.NETCore.App.Runtime.win-x86 9 Microsoft.NETCore.App.Runtime.win-x64 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NETCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.hadoop:hadoop-main 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.struts.xwork:xwork-core 9 Django 9 ckb 9 org.apache.solr:solr-core 9 mautic/core 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 rusqlite 9 shopware/platform 9 github.com/sylabs/singularity 8 github.com/ethereum/go-ethereum 8 gradio 8 org.bouncycastle:bcprov-jdk15 8 october/system 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 snipe/snipe-it 7 shopware/core 7 org.craftercms:crafter-studio 7 cakephp/cakephp 7 github.com/docker/docker 7 org.eclipse.jetty:jetty-server 7 magento/core 7 com.liferay.portal:release.portal.bom 7 craftcms/cms 7 org.elasticsearch:elasticsearch 7 strapi 7 org.apache.commons:commons-compress 7 com.xuxueli:xxl-job 7 cn.hutool:hutool-core 7 apache-superset 7 phpmailer/phpmailer 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 tar 7 DotNetNuke.Core 7 froxlor/froxlor 7 pillow 7 drupal/drupal 7 org.springframework:spring-core 7 gogs.io/gogs 7 de.tum.in.ase:artemis-java-test-sandbox 6 deno 6 rack 6 sequelize 6 prestashop/prestashop 6 kiwitcms 6 handlebars 6 Microsoft.NETCore.App 6 composer/composer 6 opencv-python-headless 6 laravel/framework 6 opencv-contrib-python-headless 6 wwbn/avideo 6 cryptography 6 waitress 6 guzzlehttp/guzzle 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 github.com/hyperledger/fabric 6 org.apache.tika:tika-core 6 sized-chunks 6 @openzeppelin/contracts 6 k8s.io/kubernetes 6 npm 6 org.apache.camel:camel-core 6 golang.org/x/crypto 6 github.com/gravitl/netmaker 6 github.com/zitadel/zitadel 6 smarty/smarty 6 org.apache.cxf:cxf 6 Microsoft.AspNetCore.All 6 express-cart 6 @strapi/strapi 6 github.com/traefik/traefik/v2 6 symfony/security 6 istio.io/istio 6 org.apache.inlong:manager-pojo 6 org.keycloak:keycloak-services 5 github.com/cilium/cilium 5 org.apache.mesos:mesos 5 aubio 5 Microsoft.AspNetCore.App 5 github.com/tidwall/gjson 5 plone 5 statamic/cms 5 codeigniter4/framework 5 zope 5 com.vaadin:vaadin-bom 5 passenger 5 github.com/opencontainers/runc 5 github.com/nats-io/jwt 5 serve 5 libpulse-binding 5 ua-parser-js 5 CefSharp.Common 5 directus 5 twisted 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.NETCore.App.Runtime.osx-x64 5 org.apache.dolphinscheduler:dolphinscheduler 5 salt 5 Microsoft.NETCore.App.Runtime.win-arm 5 Microsoft.NETCore.App.Runtime.linux-x64 5 Microsoft.NETCore.App.Runtime.linux-musl-x64 5 Microsoft.NETCore.App.Runtime.linux-musl-arm64 5 next 5 Microsoft.NETCore.App.Runtime.linux-arm64 5 symfony/security-http 5 Microsoft.NETCore.App.Runtime.linux-arm 5 org.apache.xmlgraphics:batik 5 @openzeppelin/contracts-upgradeable 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 matrix-js-sdk 5 github.com/answerdev/answer 5 getkirby/cms 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 33 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/pimcore/pimcore 23 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/django/django 20 https://github.com/sparklemotion/nokogiri 20 https://github.com/keycloak/keycloak 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/spring-projects/spring-framework 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/vyperlang/vyper 14 https://github.com/symfony/symfony 14 https://github.com/github/advisory-database 14 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/rancher/rancher 13 https://github.com/apache/inlong 13 https://github.com/rails/rails 12 https://github.com/ansible/ansible 12 https://github.com/mlflow/mlflow 12 https://github.com/jenkinsci/script-security-plugin 12 https://github.com/apache/nifi 11 https://github.com/librenms/librenms 11 https://github.com/electron/electron 11 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/hashicorp/consul 10 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/golang/go 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/Dolibarr/dolibarr 9 https://github.com/cui2shark/cms 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/kubernetes/kubernetes 9 https://github.com/mautic/mautic 9 https://github.com/go-gitea/gitea 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/cobbler/cobbler 8 https://github.com/bcgit/bc-java 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/nats-io/nats-server 8 https://github.com/undertow-io/undertow 7 https://github.com/eclipse/jetty.project 7 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/denoland/deno 7 https://github.com/DSpace/DSpace 7 https://github.com/hashicorp/vault 7 https://github.com/spring-projects/spring-security 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/rubygems/rubygems 7 https://github.com/snipe/snipe-it 7 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/TYPO3/typo3 6 https://github.com/xuxueli/xxl-job 6 https://github.com/CVEProject/cvelist 6 https://github.com/guzzle/guzzle 6 https://github.com/backstage/backstage 6 https://github.com/intelliants/subrion 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/OpenNMS/opennms 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/gravitl/netmaker 6 https://github.com/dromara/hutool 6 https://github.com/Pylons/waitress 6 https://github.com/magento/magento2 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/apache/activemq 6 https://github.com/WWBN/AVideo 6 https://github.com/bodil/sized-chunks 6 https://github.com/istio/istio 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/sequelize/sequelize 6 https://github.com/hyperledger/fabric 6 https://github.com/froxlor/froxlor 6 https://github.com/opencast/opencast 6 https://github.com/cilium/cilium 5 https://github.com/pear/Archive_Tar 5 https://github.com/docker/docker 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/hpcng/singularity 5 https://github.com/gogs/gogs 5 https://github.com/composer/composer 5 https://github.com/directus/directus 5 https://github.com/laravel/framework 5 https://github.com/apache/hadoop 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/answerdev/answer 5 https://github.com/drupal/core 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/jnqnfe/pulse-binding-rust 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/kylin 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/getkirby/kirby 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/tidwall/gjson 5 https://github.com/forkcms/forkcms 5 https://github.com/aubio/aubio 5 https://github.com/contao/contao 5 https://github.com/ethyca/fides 4 https://github.com/fiveai/Cachet 4 https://github.com/BlackFan/client-side-prototype-pollution 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/PrismJS/prism 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/free5gc/free5gc 4 https://github.com/vantage6/vantage6 4 https://github.com/apple/swift-nio-http2 4 https://github.com/nautobot/nautobot 4 https://github.com/ericcornelissen/shescape 4 https://github.com/jettison-json/jettison 4 https://github.com/playframework/playframework 4 https://github.com/containers/buildah 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/hashicorp/nomad 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/quarkusio/quarkus 4 https://github.com/containers/podman 4 https://github.com/libp2p/go-libp2p 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/nightcloudos/new_cms 4 https://github.com/baserproject/basercms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/totaljs/framework 4 https://github.com/npm/cli 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/wixtoolset/issues 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/centreon/centreon-archived 4 https://github.com/scrapy/scrapy 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/apache/geode 4 https://github.com/cloudflare/cfrpki 4 https://github.com/ethereum/go-ethereum 4 https://github.com/surrealdb/surrealdb 4 https://github.com/puma/puma 3 https://github.com/stealjs/steal 3 https://github.com/sebhildebrandt/systeminformation 3 https://github.com/lodash/lodash 3 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 3 https://github.com/thorsten/phpMyFAQ 3 https://github.com/vrana/adminer 3 https://github.com/silverstripe/silverstripe-graphql 3 https://github.com/open-policy-agent/opa 3 https://github.com/gatsbyjs/gatsby 3 https://github.com/fluxcd/flux2 3 https://github.com/cri-o/cri-o 3 https://github.com/liufee/cms 3 https://github.com/onionshare/onionshare 3 https://github.com/awslabs/tough 3 https://github.com/grpc/grpc 3 https://github.com/h2database/h2database 3 https://github.com/ESAPI/esapi-java-legacy 3 https://github.com/apache/openmeetings 3 https://github.com/npm/npm 3 https://github.com/vaadin/platform 3 https://github.com/apache/shenyu 3