Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS13OWgyLXB4ODctNzR2eM4AA48x
vantage6 remote code execution vulnerability
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
GSA_kwCzR0hTQS12dmgyLTgyYzctcHBmZ84AA48B
network Arbitrary Command Injection vulnerability
Ecosystems: npm
Packages: network
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 3 months ago
High
GSA_kwCzR0hTQS03bWd4LWd2anctbTN3M84AA474
CrateDB authentication bypass vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xY2pxLTdmN3YtcHZjOM4AA47s
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V
MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0zdnZjLXY4YzItNDNyN84AA46l
Apache Kylin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1ncjc5LTl2NnYtZ2M5cs4AA430
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 3 months ago
High
GSA_kwCzR0hTQS04ajN4LXczNXItcnc0cs4AA43J
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 3 months ago
High
GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s
Arbitrary Code Execution in Processwire
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
Ecosystems: cargo
Packages: lemmy_server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcnFnLW13aDctcTk0as4AA42m
Host header injection in the password reset
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1jd3g2LTR3bWYtYzZ4ds4AA42l
SQL Injection in Admin download files as zip
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
High
GSA_kwCzR0hTQS14MjJ4LTVwcDktOHY3Zs4AA4q2
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:redhat-dependency-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xanBmLTJqaHgtMzc1OM4AA4qz
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:log-command
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS01M3BoLTJyMngtdnF3OM4AA4qv
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12cGg1LTJxMzMtN3I5aM4AA4qx
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ
Apache Airflow: pickle deserialization vulnerability in XComs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV
Cross-site Scripting Vulnerability on Avatar Upload
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 3 months ago
High
GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
High
GSA_kwCzR0hTQS13ajZoLTY0ZmMtMzdtcM4AA4nW
Minerva timing attack on P-256 in python-ecdsa
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1yN3F2LThyMmgtcGcyN84AA4m6
Multiple issues involving quote API in shlex
Ecosystems: cargo
Packages: shlex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNHEzLTdnNHEteDg5bc4AA4ms
Spring Framework server Web DoS Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNHgzLW1mcGotZjMzNc4AA4mp
chasquid HTTP Request/Response Smuggling vulnerability
Ecosystems: go
Packages: github.com/albertito/chasquid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nN3BoLTg0MjMtcGY0as4AA4mg
Code execution in metagpt
Ecosystems: pypi
Packages: metagpt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13ZzJ4LXJ2ODYtbW1weM4AA4lv
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Ecosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1oajU1LTlqbXYtOWpyas4AA4lj
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
High
GSA_kwCzR0hTQS1oZmo4LTYzYzgtcm1md84AA4lp
Inefficient Algorithmic Complexity in com.upokecenter:cbor
Ecosystems: maven
Packages: com.upokecenter:cbor
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jNHBnLTVnZ2gtdmNwcM4AA4ls
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
High
GSA_kwCzR0hTQS0yM3J4LTc5cjctNmNweM4AA4lq
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
High
GSA_kwCzR0hTQS0zcDc3LXdnNGMtcW0yNM4AA4lo
Exposure of sensitive information in ClickHouse
Ecosystems: maven
Packages: com.clickhouse:clickhouse-client, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-r2dbc
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 4 months ago
High
GSA_kwCzR0hTQS0zZjYzLWhmcDgtNTJqcc4AA4lV
Arbitrary Code Execution in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: 4 months ago
High
GSA_kwCzR0hTQS05Mm13LXEyNTYtNXZ3Z84AA4lC
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 4 months ago
High
GSA_kwCzR0hTQS01OGo5LWoyZmotdjhmNM4AA4lB
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
High
GSA_kwCzR0hTQS00NGNjLTQzcnAtNTk0N84AA4lA
JupyterLab vulnerable to potential authentication and CSRF tokens leak
Ecosystems: pypi
Packages: notebook, jupyterlab
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
High
GSA_kwCzR0hTQS0ycTh2LTNncXEtNGY4cM4AA4kr
concat built-in can corrupt memory in vyper
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1yaDYzLTlxY2YtODNnZs4AA4kS
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 4 months ago
High
GSA_kwCzR0hTQS00cWhwLTY1MnctYzIyeM4AA4jl
Unsecured endpoints in the jupyter-lsp server extension
Ecosystems: pypi
Packages: jupyter-lsp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1tMjR4LXI2cTMtMnZwOc4AA4jj
Uncaught Exception processing HTTP Headers in SurrealDB
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
High
GSA_kwCzR0hTQS01eGZ4LTU1eDQtajIyM84AA4jV
Cross-Frame Scripting vulnerability has been found on Plone CMS
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mNmpoLWh2ZzItOTUyNc4AA4iq
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Ecosystems: go
Packages: github.com/kudelskisecurity/crystals-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1oNTd3LXZoMzQtZjhjd84AA4dr
Code injection in mingSoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
High
GSA_kwCzR0hTQS12M3JnLXFtNDYteHJnOc4AA4bu
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 4 months ago
High
GSA_kwCzR0hTQS02aDRxLTYzYzUtcWZxZs4AA4bt
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 4 months ago
High
GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 4 months ago
High
GSA_kwCzR0hTQS04cjI1LTY4d20tanczNc4AA4Y5
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1weG1yLXEyeDMtOXg5bc4AA4Y4
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oMzc0LW1tNTctODc5Y84AA4Y3
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12OTc3LWg0aG0tcnJmZs4AA4Vu
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS0ybXFqLW02NXctamdoeM4AA4Vh
Untrusted search path under some conditions on Windows allows arbitrary code execution
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 4 months ago
High
GSA_kwCzR0hTQS05OGc2LXhoMzYteDJwN84AA4Sw
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Ecosystems: nuget
Packages: Microsoft.Data.SqlClient, System.Data.SqlClient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1ydjlqLWM4NjYtZ3A1aM4AA4Sp
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
Ecosystems: nuget
Packages: Microsoft.IdentityModel.Protocols.SignedHttpRequest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02NjczLTQ5ODMtMnZ4Nc4AA4Sn
fonttools XML External Entity Injection (XXE) Vulnerability
Ecosystems: pypi
Packages: fonttools
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
snapd Race Condition vulnerability
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04OTU5LXJmeGgtcjRqNM4AA4Qk
XWiki vulnerable to Denial of Service attack through attachments
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS14aDM1LXc3d2ctOTV2M84AA4Qi
XWiki has no right protection on rollback action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcXBxLTJwNjgtNDZmds4AA4Qg
pyload Unauthenticated Flask Configuration Leakage vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1ocjJjLXA4cmgtMjM4aM4AA4OB
Apache Axis Improper Input Validation vulnerability
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 months ago
High
GSA_kwCzR0hTQS03aGZ4LWgzajMtcndxNM4AA4N6
D-Tale server-side request forgery through Web uploads
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
High
GSA_kwCzR0hTQS02MjVnLWZtNXctdzd3NM4AA4Mn
Froxlor username/surname AND company field Bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04NnJnLXBmNGMtNWdyZ84AA4MQ
@backstage/backend-app-api leaks GitLab access tokens
Ecosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
High
GSA_kwCzR0hTQS0yNjRwLTk5d3EtZjRqNs4AA4L1
Ion Java StackOverflow vulnerability
Ecosystems: maven
Packages: software.amazon.ion:ion-java, com.amazon.ion:ion-java
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 4 months ago
High
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 4 months ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mcWg2LTZoNmMtMzY2bc4AA4LR
CouchAuth host header injection vulnerability leaks the password reset token
Ecosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1jcndqLTJyM2MtZ3gyZ84AA4LK
Apache InLong Manager Arbitrary File Read Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 4 months ago
High
GSA_kwCzR0hTQS1nNTd2LTI2ODctangzM84AA4K8
PaddlePaddle stack overflow in paddle.linalg.lu_unpack
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 4 months ago
High
GSA_kwCzR0hTQS00cnJ2LThnY3AtMjR2OM4AA4K4
PaddlePaddle stack overflow in paddle.searchsorted
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 4 months ago
High
GSA_kwCzR0hTQS04ZnA3LWp3djItNDl4Oc4AA4LA
PaddlePaddle heap buffer overflow in paddle.repeat_interleave
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 4 months ago
High
GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Ecosystems: actions
Packages: tj-actions/changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12N2hnLTc3djktMjQ0Nc4AA4HT
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-master
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 4 months ago
High
GSA_kwCzR0hTQS0zdnZoLThjNjUtMzJqNM4AA4HN
Mingsoft MCMS SQL injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1md3ZnLTI3MzktMjJ2N84AA4Gz
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
High
GSA_kwCzR0hTQS1mZ3djLTNqNnctY2gyMs4AA4Gu
easy-rules-mvel vulnerable to remote code execution
Ecosystems: maven
Packages: org.jeasy:easy-rules-mvel
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 4 months ago
High
GSA_kwCzR0hTQS03aHBqLTdoaHgtMmZneM4AA4D7
msgpackr's conversion of property names to strings can trigger infinite recursion
Ecosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tNWhmLW0zcjIteHE1M84AA4C9
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 4 months ago
High
GSA_kwCzR0hTQS03bTdoLXJndnAtM3Y0cs4AA4C6
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1tdzk5LTljaGMteHc3cs4AA4Cr
Maliciously crafted Git server replies can cause DoS on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1qY3JyLXJyNnctOGM4M84AA3_v
free5GC AMF denial of service vulnerability
Ecosystems: go
Packages: github.com/free5gc/amf
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 4 months ago
High
GSA_kwCzR0hTQS1yNWhnLTM0OXEtbWcycc4AA3_u
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS03YzQ0LTdqN3YtdzU1NM4AA3_x
Buildkite Elastic CI for AWS symbolic link following vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Remotely exploitable denial of service in Rosenpass
Ecosystems: cargo
Packages: rosenpass
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 4 months ago
High
GSA_kwCzR0hTQS02cW0yLXdweHEtN3FoMs4AA39-
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mMjNoLTUyaGotOTlwNs4AA39b
Apache IoTDB: Unsafe deserialize map in Sync Tool
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12NjhnLXdtOGMtNng3as4AA38Z
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 5 months ago
High
GSA_kwCzR0hTQS04N2ZnLTl4NXctajNybc4AA371
MainWP Dashboard SQL Command Injection vulnerability
Ecosystems: packagist
Packages: mainwp/mainwp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS04M3E1LXdocXAtcjhqcs4AA37j
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-websocket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS01cjNxLTkzcTMtZjk3OM4AA37c
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13djhxLTRmODUtMnA4cM4AA37f
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1xZzhwLTMyZ3ItZ2g2eM4AA37h
MLflow Local File Disclosure Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13cTU5LTRxNnItNjM1cs4AA360
Authentication bypass vulnerability in navidrome's subsonic endpoint
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 2,439
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 1,875 npm 1,402 pypi 1,170 packagist 1,024 nuget 785 go 687 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 salt 18 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 net.mingsoft:ms-mcms 14 Plone 14 centreon/centreon 14 vyper 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 golang.org/x/net 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 baserproject/basercms 12 electron 12 activerecord 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-parent 11 mautic/core 11 github.com/argoproj/argo-cd 11 intelliants/subrion 11 actionpack 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 github.com/hashicorp/vault 11 cobbler 10 cockpit-hq/cockpit 10 org.springframework.security:spring-security-core 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 shopware/platform 10 froxlor/froxlor 10 org.xwiki.platform:xwiki-platform-oldcore 10 matrix-synapse 10 openmage/magento-lts 10 craftcms/cms 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 rusqlite 9 org.apache.struts.xwork:xwork-core 9 org.apache.hadoop:hadoop-main 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 mercurial 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-arm64 8 october/system 8 github.com/ethereum/go-ethereum 8 shopware/core 8 gradio 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 github.com/sylabs/singularity 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.NETCore.App.Runtime.win-x64 8 com.liferay.portal:release.portal.bom 7 apache-superset 7 gogs.io/gogs 7 DotNetNuke.Core 7 org.craftercms:crafter-studio 7 smarty/smarty 7 snipe/snipe-it 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 codeigniter4/framework 7 cakephp/cakephp 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 cn.hutool:hutool-core 7 magento/core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.springframework:spring-core 7 org.apache.commons:commons-compress 7 tar 7 github.com/docker/docker 7 handlebars 6 github.com/zitadel/zitadel 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 npm 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 opencv-contrib-python-headless 6 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 Microsoft.NETCore.App 6 contao/core-bundle 6 deno 6 org.apache.camel:camel-core 6 @strapi/strapi 6 sized-chunks 6 k8s.io/kubernetes 6 org.apache.inlong:manager-pojo 6 golang.org/x/crypto 6 github.com/hyperledger/fabric 6 sequelize 6 kiwitcms 6 org.apache.cxf:cxf 6 cryptography 6 istio.io/istio 6 org.apache.tika:tika-core 6 wwbn/avideo 6 laravel/framework 6 rack 6 express-cart 6 github.com/cilium/cilium 5 keystone 5 zope 5 directus 5 pear/archive_tar 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 github.com/go-gitea/gitea 5 next 5 org.apache.tomcat:tomcat-catalina 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 passenger 5 org.xwiki.platform:xwiki-platform-web 5 forkcms/forkcms 5 org.apache.xmlgraphics:batik 5 serve 5 statamic/cms 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.apache.mesos:mesos 5 github.com/answerdev/answer 5 @openzeppelin/contracts-upgradeable 5 plone 5 aubio 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 genix/cms 5 matrix-js-sdk 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/ansible/ansible 15 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/rusqlite/rusqlite 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cloudfoundry/uaa 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/shopware/platform 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/bcgit/bc-java 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/DSpace/DSpace 7 https://github.com/dotnet/aspnetcore 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/eclipse/jetty.project 7 https://github.com/snipe/snipe-it 7 https://github.com/rubygems/rubygems 7 https://github.com/hashicorp/vault 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/cxf 7 https://github.com/denoland/deno 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/activemq 7 https://github.com/zitadel/zitadel 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/dromara/hutool 6 https://github.com/opencast/opencast 6 https://github.com/contao/contao 6 https://github.com/CVEProject/cvelist 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/sequelize/sequelize 6 https://github.com/pyca/cryptography 6 https://github.com/backstage/backstage 6 https://github.com/gravitl/netmaker 6 https://github.com/guzzle/guzzle 6 https://github.com/smarty-php/smarty 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/Pylons/waitress 6 https://github.com/istio/istio 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/bodil/sized-chunks 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/froxlor/froxlor 6 https://github.com/TYPO3/typo3 6 https://github.com/twisted/twisted 5 https://github.com/forkcms/forkcms 5 https://github.com/cefsharp/CefSharp 5 https://github.com/aubio/aubio 5 https://github.com/apache/hadoop 5 https://github.com/gogs/gogs 5 https://github.com/directus/directus 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/traefik/traefik 5 https://github.com/docker/docker 5 https://github.com/hpcng/singularity 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/getkirby/kirby 5 https://github.com/nautobot/nautobot 5 https://github.com/cilium/cilium 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/pear/Archive_Tar 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/laravel/framework 5 https://github.com/composer/composer 5 https://github.com/drupal/core 5 https://github.com/answerdev/answer 5 https://github.com/zopefoundation/Zope 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/vantage6/vantage6 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/cloudflare/cfrpki 4 https://github.com/npm/cli 4 https://github.com/containers/buildah 4 https://github.com/containers/podman 4 https://github.com/openstack/keystone 4 https://github.com/centreon/centreon-archived 4 https://github.com/statamic/cms 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/fiveai/Cachet 4 https://github.com/ethereum/go-ethereum 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/libp2p/go-libp2p 4 https://github.com/playframework/playframework 4 https://github.com/PrismJS/prism 4 https://github.com/tidwall/gjson 4 https://github.com/Froxlor/Froxlor 4 https://github.com/ericcornelissen/shescape 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/free5gc/free5gc 4 https://github.com/opencontainers/runc 4 https://github.com/Codiad/Codiad 4 https://github.com/bolt/bolt 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/phpseclib/phpseclib 4 https://github.com/apache/geode 4 https://github.com/cri-o/cri-o 4 https://github.com/quarkusio/quarkus 4 https://github.com/baserproject/basercms 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/wixtoolset/issues 4 https://github.com/hashicorp/nomad 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/jettison-json/jettison 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/ethyca/fides 4 https://github.com/nightcloudos/new_cms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/apple/swift-nio-http2 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/totaljs/framework 4 https://github.com/microsoft/msquic 3 https://github.com/authzed/spicedb 3 https://github.com/digitalbazaar/forge 3 https://github.com/siderolabs/talos 3 https://gitlab.com/edneville/please 3 https://github.com/jenkinsci/gitlab-plugin 3 https://github.com/rack/rack 3 https://github.com/TryGhost/Ghost 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/steveukx/git-js 3 https://github.com/npm/npm 3