Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 2 months ago
High
GSA_kwCzR0hTQS1jcDY4LXFyaHItZzloOM4AA5Zx
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0zNzVnLTM5anEtdnE3bc4AA5Zw
Potential buffer overflow in CBOR2 decoder
Ecosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1xM2dnLW04aHItaDR4NM4AA5Zu
Externally Controlled Format String in Scripting Functions
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 2 months ago
High
GSA_kwCzR0hTQS0zcXBxLTZ3ODktZjdteM4AA5Zp
Pimcore Host Header Injection in user invitation link
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1tY3FqLTdwMjktOTUyOM4AA5Zo
MantisBT Host Header Injection vulnerability
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 2 months ago
High
GSA_kwCzR0hTQS14NXBtLWgzM3EtY2pyd84AA5Zl
Improper Certificate Validation in apache airflow mongo hook
Ecosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0zNnhyLTR4MmYtY2ZqOc4AA5ZD
Deserialization of Untrusted Data in Apache Camel SQL
Ecosystems: maven
Packages: org.apache.camel:camel-sql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Deserialization of Untrusted Data in Apache Camel CassandraQL
Ecosystems: maven
Packages: org.apache.camel:camel-cassandraql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0zN2d4LWpxeDktZndtZ84AA5Yi
Improper Certificate Validation in Apache DolphinScheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1mZjJ3LXdtNDgtamhxas4AA5Yj
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xd3h4LXh3dzYtOHE4bc4AA5Yb
Remote Code Execution in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13M3c2LTI2ZjItcDQ3NM4AA5YR
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 2 months ago
High
GSA_kwCzR0hTQS0zamN2LTVmOXAtMmYycM4AA5YN
Cross-site Scripting in electron-pdf
Ecosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1wM3J2LXFqNTYtMmZxeM4AA5YM
Cross-site Scripting in Pyhtml2pdf
Ecosystems: pypi
Packages: pyhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 2 months ago
High
GSA_kwCzR0hTQS00ODdnLTNtM3YtaGpocc4AA5Xz
Uncontrolled Resource Consumption in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 2 months ago
High
GSA_kwCzR0hTQS00MjY1LWNjZjUtcGhqNc4AA5Xn
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 2 months ago
High
GSA_kwCzR0hTQS00ZzlyLXZ4aHgtOXBneM4AA5Xm
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 2 months ago
High
GSA_kwCzR0hTQS03ZjJ2LTU4NzctcngzeM4AA5Wz
Code injection in REDAXO
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 2 months ago
High
GSA_kwCzR0hTQS13NGh2LXZtdjktaGdjcs4AA5Vm
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
High
GSA_kwCzR0hTQS03ajdtLXY3bTMtanFtN84AA5Vh
Scrapy decompression bomb vulnerability
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jdzlqLXEzdmYtaHJyds4AA5Ui
Scrapy authorization header leakage on cross-domain redirect
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jYzY1LXh4dmYtZjdyOc4AA5UB
Scrapy vulnerable to ReDoS via XMLFeedSpider
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS04NHh2LWpmcm0taDRnbc4AA5Rh
registry-support: decompress can delete files outside scope via relative paths
Ecosystems: go
Packages: github.com/devfile/registry-support/registry-library
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 2 months ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jbWg5LXJ4ODUteGozOM4AA5P5
XSS sidekiq-unique-jobs UI server vulnerability
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 2 months ago
High
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoS
Ecosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 2 months ago
High
GSA_kwCzR0hTQS0yMnE4LWdobXEtNjN2Zs4AA5N4
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
Ecosystems: cargo
Packages: libgit2-sys
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 2 months ago
High
GSA_kwCzR0hTQS02cDkyLXFmcWYtcXd4NM4AA5N0
OpenRefine JDBC Attack Vulnerability
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 2 months ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 3 months ago
High
GSA_kwCzR0hTQS1ycjY5LXJ4cjYtOHF3Zs4AA5MJ
serde-json-wasm stack overflow during recursive JSON parsing
Ecosystems: cargo
Packages: serde-json-wasm
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1nY2dqLXFoOHAtNTdobc4AA5LF
October CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
High
GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
HashiCorp Nomad vulnerable to symlink attacks
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
High
GSA_kwCzR0hTQS0zcXgzLTZoeHItajJjaM4AA5Ks
eza Potential Heap Overflow Vulnerability for AArch64
Ecosystems: cargo
Packages: eza
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS04MzNtLTM3ZjctanE1Nc4AA5Kr
Rancher API Server Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/apiserver
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1yOGY0LWh2MjMtNnFwNs4AA5Kq
Norman API Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/norman
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 3 months ago
High
GSA_kwCzR0hTQS14Zmo3LXFmOHctMmdjcs4AA5Kp
Rancher 'Audit Log' leaks sensitive information
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1jODVyLWZ3YzctNDV2Y84AA5Ko
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1odnA0LXZydjItOHdycc4AA5Kn
Kinto Attachment's attachments can be replaced on read-only records
Ecosystems: pypi
Packages: kinto-attachment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
High
GSA_kwCzR0hTQS04djI4LTNnODYtY2hqNc4AA5Ke
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: PanelSwWix4.Sdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0yNTlwLXJ2angtZmZ3Z84AA5Kd
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: PanelSW.Custom.WiX
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS03d2gyLXd4YzctOXBoNc4AA5Kc
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jMzUyLXg4NDMtZ2dwcc4AA5KR
XXL-JOB vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 3 months ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xd2o4LXFncHItOGNybc4AA5J7
Liferay Portal vulnerable to user impersonation
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
High
GSA_kwCzR0hTQS1wNmdnLTVoZjQtNHJnas4AA5JN
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1jNTd2LTR2ZzUtY20yeM4AA5I5
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker-auth-sasl
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 3 months ago
High
GSA_kwCzR0hTQS1tOTVoLXA0Z2ctd2Z3M84AA5Hc
Allegro AI ClearML path traversal vulnerability
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1jcGN3LTloOW0td3F3Oc4AA5Hb
Allegro AI ClearML vulnerable to deserialization of untrusted data
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1oMnJxLXFocjctNTNnbc4AA5HR
Apache Sling Servlets Resolver executes malicious code via path traversal
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.servlets.resolver
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1mM2g5LThwaGMtNmd2aM4AA5F4
Gradio Path Traversal vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 3 months ago
High
GSA_kwCzR0hTQS03cXc0LTlyNjgtMnJteM4AA5Em
mingSoft MCMS File Upload vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
High
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
High
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tampering
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 3 months ago
High
GSA_kwCzR0hTQS0zZ2poLTI5ZnYtOGhyNs4AA5Cq
Nervos CKB Snappy decompress length can be very large and causes out of memory error
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13anhjLXBqeDktNHd2bc4AA5Cp
Nervos CKB Panic on malformed input
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1oanFxLTI5cHctOTZ3as4AA5Ck
Nervos CKB node panics when processing a block which parent timestamp is too new
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1qY21xLTVycnYtajJnNM4AA5Ca
PowerShell is subject to remote code execution vulnerability
Ecosystems: nuget
Packages: PowerShell
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS02aDc4LTg1djItbW1jaM4AA5CX
PHPMailer Shell command injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12MjY5LXJycjYtY3g2cs4AA5CF
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp
Talos Linux ships runc vulnerable to the escape to the host attack
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12cXhxLWh2eHctOW12Oc4AA4_z
Statmic CMS vulnerable to account takeover via XSS and password reset link
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 3 months ago
High
GSA_kwCzR0hTQS14eDh3LW1xMjMtMjlnNM4AA4_w
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
High
GSA_kwCzR0hTQS04cGp4LWpqODYtajQ3cM4AA4-8
Grafana path traversal
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1xcnFyLTN4NWotMnh3Oc4AA4-3
Docker Moby Authentication Bypass
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 3 months ago
High
GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1
Improper Authentication in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
High
GSA_kwCzR0hTQS00OTZnLWZyMzMtd2hyZs4AA4-v
Denial of service in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 3 months ago
High
GSA_kwCzR0hTQS14cjdyLWY4eHEtdmZ2ds4AA4-u
runc vulnerable to container breakout through process.cwd trickery and leaked fds
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 3 months ago
High
GSA_kwCzR0hTQS1tM3I2LWg3d3YtN3h4ds4AA4-s
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 3 months ago
High
GSA_kwCzR0hTQS05eGM5LXhxN3ctdnBjcs4AA49b
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 3 months ago
High
GSA_kwCzR0hTQS00bXA3LTJtMjktZ3F4Zs4AA49E
HashiCorp Vault Authentication bypass
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0yeGhxLWd2NmMtcDIyNM4AA49C
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 3 months ago
High
GSA_kwCzR0hTQS02N200LXF4cDMtajZoaM4AA486
TrueLayer.Client SSRF when fetching payment or payment provider
Ecosystems: nuget
Packages: TrueLayer.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1ydjhwLXJyMmgtZmdwZ84AA484
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago
High
GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483
@urql/next Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @urql/next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS05OTdnLTI3eDgtNDNyZs4AA482
react-query-streamed-hydration Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @tanstack/react-query-next-experimental
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
High
GSA_kwCzR0hTQS13OWgyLXB4ODctNzR2eM4AA48x
vantage6 remote code execution vulnerability
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
GSA_kwCzR0hTQS12dmgyLTgyYzctcHBmZ84AA48B
network Arbitrary Command Injection vulnerability
Ecosystems: npm
Packages: network
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 3 months ago
High
GSA_kwCzR0hTQS03bWd4LWd2anctbTN3M84AA474
CrateDB authentication bypass vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xY2pxLTdmN3YtcHZjOM4AA47s
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V
MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0zdnZjLXY4YzItNDNyN84AA46l
Apache Kylin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1ncjc5LTl2NnYtZ2M5cs4AA430
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 3 months ago
High
GSA_kwCzR0hTQS04ajN4LXczNXItcnc0cs4AA43J
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 3 months ago
High
GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s
Arbitrary Code Execution in Processwire
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
Ecosystems: cargo
Packages: lemmy_server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcnFnLW13aDctcTk0as4AA42m
Host header injection in the password reset
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1jd3g2LTR3bWYtYzZ4ds4AA42l
SQL Injection in Admin download files as zip
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
High
GSA_kwCzR0hTQS14MjJ4LTVwcDktOHY3Zs4AA4q2
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:redhat-dependency-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12cGg1LTJxMzMtN3I5aM4AA4qx
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xanBmLTJqaHgtMzc1OM4AA4qz
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:log-command
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS01M3BoLTJyMngtdnF3OM4AA4qv
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ
Apache Airflow: pickle deserialization vulnerability in XComs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV
Cross-site Scripting Vulnerability on Avatar Upload
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 3 months ago
High
GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Statistics
Advisories: 17,950
Packages: 8,208
Repositories: 2,397
Ecosystems: 12
Filter by Severity
Moderate 7,713 High 6,233 Critical 2,757 Low 965
Filter by Ecosystem
maven 1,873 npm 1,397 pypi 1,117 packagist 949 nuget 785 go 685 cargo 322 rubygems 283 swift 16 hex 8 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 com.fasterxml.jackson.core:jackson-databind 43 moodle/moodle 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 29 pimcore/pimcore 27 microweber/microweber 27 nokogiri 25 drupal/core 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 com.jfinal:jfinal 21 Pillow 21 ansible 20 typo3/cms 20 drupal/drupal 20 github.com/rancher/rancher 19 django 19 thorsten/phpmyfaq 19 librenms/librenms 18 typo3/cms-core 17 org.jenkins-ci.plugins:script-security 17 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 rdiffweb 15 parse-server 15 vyper 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 salt 14 github.com/hashicorp/consul 14 centreon/centreon 14 net.mingsoft:ms-mcms 14 symfony/symfony 14 golang.org/x/net 13 getgrav/grav 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.linux-arm 12 activerecord 12 baserproject/basercms 12 org.apache.openmeetings:openmeetings-parent 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 github.com/nats-io/nats-server/v2 11 nilsteampassnet/teampass 11 org.keycloak:keycloak-parent 11 github.com/hashicorp/vault 11 io.undertow:undertow-core 11 Plone 11 mautic/core 11 actionpack 11 github.com/argoproj/argo-cd 11 org.springframework.security:spring-security-core 10 cobbler 10 openmage/magento-lts 10 cockpit-hq/cockpit 10 matrix-synapse 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.hadoop:hadoop-main 9 intelliants/subrion 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.keycloak:keycloak-services 9 rusqlite 9 Django 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 shopware/platform 9 org.bouncycastle:bcprov-jdk14 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 ckb 9 october/system 8 github.com/ethereum/go-ethereum 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 github.com/sylabs/singularity 8 gradio 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-x86 8 org.springframework:spring-core 7 froxlor/froxlor 7 org.eclipse.jetty:jetty-server 7 codeigniter4/framework 7 com.liferay.portal:release.portal.bom 7 org.apache.commons:commons-compress 7 cn.hutool:hutool-core 7 craftcms/cms 7 org.elasticsearch:elasticsearch 7 apache-superset 7 tar 7 gogs.io/gogs 7 strapi 7 com.xuxueli:xxl-job 7 pillow 7 phpmailer/phpmailer 7 shopware/core 7 cakephp/cakephp 7 org.craftercms:crafter-studio 7 magento/core 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 DotNetNuke.Core 7 github.com/docker/docker 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 snipe/snipe-it 7 prestashop/prestashop 6 org.apache.camel:camel-core 6 org.apache.tika:tika-core 6 wwbn/avideo 6 composer/composer 6 express-cart 6 Microsoft.NETCore.App 6 waitress 6 handlebars 6 @strapi/strapi 6 symfony/security 6 github.com/traefik/traefik/v2 6 org.apache.cxf:cxf 6 @openzeppelin/contracts 6 npm 6 github.com/zitadel/zitadel 6 org.apache.tomcat:tomcat-coyote 6 sequelize 6 opencv-python-headless 6 laravel/framework 6 guzzlehttp/guzzle 6 sized-chunks 6 Microsoft.AspNetCore.All 6 kiwitcms 6 k8s.io/kubernetes 6 smarty/smarty 6 opencv-contrib-python-headless 6 istio.io/istio 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 github.com/gravitl/netmaker 6 rack 6 golang.org/x/crypto 6 github.com/hyperledger/fabric 6 org.apache.inlong:manager-pojo 6 cryptography 6 deno 6 de.tum.in.ase:artemis-java-test-sandbox 6 github.com/opencontainers/runc 5 pear/archive_tar 5 zope 5 getkirby/cms 5 org.apache.dolphinscheduler:dolphinscheduler 5 org.apache.xmlgraphics:batik 5 statamic/cms 5 @openzeppelin/contracts-upgradeable 5 directus 5 CefSharp.Common 5 github.com/IBAX-io/go-ibax 5 code.gitea.io/gitea 5 github.com/answerdev/answer 5 forkcms/forkcms 5 passenger 5 Microsoft.AspNetCore.App 5 github.com/tidwall/gjson 5 ua-parser-js 5 github.com/go-gitea/gitea 5 matrix-js-sdk 5 twisted 5 github.com/nats-io/jwt 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 github.com/cilium/cilium 5 phpbb/phpbb 5 next 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 plone 5 org.apache.tomcat:tomcat-catalina 5 org.apache.mesos:mesos 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 aubio 5 org.xwiki.platform:xwiki-platform-web 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 23 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/thorsten/phpmyfaq 18 https://github.com/Dolibarr/dolibarr 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 15 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/symfony/symfony 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/mlflow/mlflow 12 https://github.com/rails/rails 12 https://github.com/jenkinsci/script-security-plugin 12 https://github.com/hashicorp/consul 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/mautic/mautic 11 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/centreon/centreon 10 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/cui2shark/cms 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/eclipse/jetty.project 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/DSpace/DSpace 7 https://github.com/rubygems/rubygems 7 https://github.com/denoland/deno 7 https://github.com/apache/cxf 7 https://github.com/spring-projects/spring-security 7 https://github.com/pyca/cryptography 6 https://github.com/intelliants/subrion 6 https://github.com/OpenNMS/opennms 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/smarty-php/smarty 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/backstage/backstage 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/npm/node-tar 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/apache/activemq 6 https://github.com/WWBN/AVideo 6 https://github.com/istio/istio 6 https://github.com/froxlor/froxlor 6 https://github.com/opencast/opencast 6 https://github.com/answerdev/answer 5 https://github.com/contao/contao 5 https://github.com/drupal/core 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cilium/cilium 5 https://github.com/aubio/aubio 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/laravel/framework 5 https://github.com/getkirby/kirby 5 https://github.com/twisted/twisted 5 https://github.com/composer/composer 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/saltstack/salt 5 https://github.com/cakephp/cakephp 5 https://github.com/apache/hadoop 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/apache/dolphinscheduler 5 https://github.com/pear/Archive_Tar 5 https://github.com/directus/directus 5 https://github.com/traefik/traefik 5 https://github.com/zopefoundation/Zope 5 https://github.com/forkcms/forkcms 5 https://github.com/hpcng/singularity 5 https://github.com/geoserver/geoserver 5 https://github.com/cefsharp/CefSharp 5 https://github.com/tidwall/gjson 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/gogs/gogs 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/apache/kylin 5 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/hashicorp/nomad 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/fiveai/Cachet 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/ericcornelissen/shescape 4 https://github.com/PrismJS/prism 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/free5gc/free5gc 4 https://github.com/libp2p/go-libp2p 4 https://github.com/nautobot/nautobot 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/playframework/playframework 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/baserproject/basercms 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/jettison-json/jettison 4 https://github.com/scrapy/scrapy 4 https://github.com/vantage6/vantage6 4 https://github.com/apple/swift-nio-http2 4 https://github.com/surrealdb/surrealdb 4 https://github.com/ethyca/fides 4 https://github.com/wixtoolset/issues 4 https://github.com/bolt/bolt 4 https://github.com/yiisoft/yii2 4 https://github.com/ethereum/go-ethereum 4 https://github.com/apache/geode 4 https://github.com/opencontainers/runc 4 https://github.com/containers/buildah 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/igniterealtime/Openfire 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/quarkusio/quarkus 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/containers/podman 4 https://github.com/phpseclib/phpseclib 4 https://github.com/totaljs/framework 4 https://github.com/npm/npm 3 https://github.com/modoboa/modoboa 3 https://github.com/u-root/u-root 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/esphome/esphome 3 https://github.com/ming-soft/MCMS 3 https://github.com/francoisjacquet/rosariosis 3 https://github.com/rgrove/sanitize 3 https://github.com/h2database/h2database 3 https://github.com/pomerium/pomerium 3 https://github.com/openfga/openfga 3 https://github.com/gitpython-developers/GitPython 3 https://github.com/openstack/keystone 3 https://github.com/RhinoSecurityLabs/CVEs 3 https://github.com/apache/pulsar 3 https://github.com/rack/rack 3 https://github.com/vercel/next.js 3