Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

High
GSA_kwCzR0hTQS01cjhqLXFtY20tN2c3cc4AA2-w
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.uima:uimaj
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1nMnFxLWM1ajktNXc1d84AA2-X
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 6 months ago
High
GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution(PP) vulnerability in setByPath
Ecosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration API
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 7 months ago
High
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 7 months ago
High
GSA_kwCzR0hTQS14cjhjLW1xNXgtNWY1Ns4AA25D
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
Ecosystems: maven
Packages: top.tangyh.basic:lamp-util, top.tangyh.basic:lamp-core
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on Windows
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1yOWNtLXB3OWotM2ZweM4AA21l
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
High
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207
xkeys seal encryption used fixed key for all encryption
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1nNWhwLTMyOGgtamo5OM4AA2zj
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 7 months ago
High
GSA_kwCzR0hTQS00Z3BtLXIyM2gtZ3Byd84AA2zp
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 7 months ago
High
GSA_kwCzR0hTQS1mNzI4LXByaHctMmc2OM4AA2zm
Insufficient Session Expiration in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM
quic-go vulnerable to pointer dereference that can lead to panic
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 7 months ago
High
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1oOTJtLTRnOW0tNzJ2cs4AA2wi
juzawebCMS Injection vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03YzJxLTVxbXItdjc2cc4AA2we
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 7 months ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: 7 months ago
High
GSA_kwCzR0hTQS0yY3FmLTZ4djktZjIyd84AA2uM
Elasticsearch vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO
Ingress nginx annotation injection causes arbitrary command execution
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ
gRPC-Go HTTP/2 Rapid Reset vulnerability
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zNWo1LW0yOXIteGZxNc4AA2sH
XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-core-rendering-macro-footnotes, org.xwiki.rendering:xwiki-rendering-macro-footnotes
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1yd3d4LTY1NzItbXAyOc4AA2sF
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS12MnJyLXh3OTUtd2NqeM4AA2sE
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-menu-ui, org.xwiki.platform:xwiki-platform-menu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1tdjc3LWZqNjMtcTV3OM4AA2q7
Stored XSS vulnerability in Jenkins GitHub Plugin
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1qeDd4LXJmM2YtajY0NM4AA2ry
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qd3gzLTJocTMtNjgyY84AA2rF
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Ecosystems: maven
Packages: org.jenkins-ci.plugins:trac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13OXZoLWh2NWctN3dtcs4AA2pw
SaToken authentication bypass vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 7 months ago
High
GSA_kwCzR0hTQS05MjQyLTZwMzYtNjI1Ns4AA2pR
Inefficient Regular Expression Complexity in node-email-check
Ecosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03ZzI0LXFnODgtcDQzcc4AA2pM
jose4j uses weak cryptographic algorithm
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV
Nautobot vulnerable to exposure of hashed user passwords via REST API
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS01cHIzLW01aG0tOTk1Ns4AA2oT
WPS Server Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.geoserver.extension:gs-wps-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qcTN3LTltZ2YtNDNtNM4AA2oO
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extension
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1jcXZ2LXIzZzMtMjZyZs4AA2nX
free5GC udm vulnerable to Invalid Curve Attack
Ecosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 7 months ago
High
GSA_kwCzR0hTQS02aDhwLTRoeDktdzY2Y84AA2mq
Langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan Lockfile
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
High
GSA_kwCzR0hTQS05d2ozLWNmcTgtd3B2as4AA2mc
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
High
GSA_kwCzR0hTQS0ycmNwLWp2cjQtcjI1Oc4AA2mV
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Ecosystems: cargo, npm
Packages: tauri-cli, @tauri-apps/cli
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1jZ2Y4LWgzZnAtaDk1Ns4AA2lB
Pleaser privilege escalation vulnerability
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1obWd3LTlqcmctaGYybc4AA2kX
Directus crashes on invalid WebSocket message
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 7 months ago
High
GSA_kwCzR0hTQS13NG0yLXFtaDMtMmc4Zs4AA2kP
Yamcs Path Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ
Artifact Hub arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD
NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMzQ0LXh3M3AtMmZyas4AA2kB
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1qajMyLTNwZjUtNW12Nc4AA2jn
Apache InLong Deserialization of Untrusted Data Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo, org.apache.inlong:manager-common
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
High
GSA_kwCzR0hTQS02NTV3LWZtOG0tbTQ3OM4AA2ja
LangChain Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: 7 months ago
High
GSA_kwCzR0hTQS1qZzgyLXhoM3ctcmh4eM4AA2jA
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
Ecosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_
OpenFGA DoS vulnerability
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9
Arduino Create Agent path traversal - local privilege escalation vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS12OWpoLWo4cHgtOTh2cc4AA2iM
go-ethereum vulnerable to denial of service via crafted GraphQL query
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 7 months ago
High
GSA_kwCzR0hTQS04d3gzLTMyNGctdzRxcc4AA2ga
OpenSearch uncontrolled resource consumption
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
High
GSA_kwCzR0hTQS12MjN3LXBwcG0tamg2Ns4AA2gU
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 7 months ago
High
GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR
github.com/kumahq/kuma affected by CVE-2023-44487
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
High
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcGNmLXFyNzktaGpxcM4AA2dw
SQL Injection in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcjZoLTd4Mm0tcmdtcc4AA2dG
SQL injection in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcHI4LTR3dngtajlxM84AA2cb
node-qpdf vulnerable to command injection
Ecosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 7 months ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
High
GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
kOps privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 7 months ago
High
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
High
GSA_kwCzR0hTQS0zM3ZqLXI2cDYteDRwOM4AA2YJ
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcjQ0LTU0NnAtN3hjcM4AA2X_
MsQuic Remote Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.Schannel, Microsoft.Native.Quic.MsQuic.OpenSSL
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS14cHc4LXJjd3YtOGY4cM4AA2X-
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
Ecosystems: maven
Packages: io.netty:netty-codec-http2
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
High
GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9
MTProto proxy remote code execution vulnerability
Ecosystems: hex
Packages: mtproto_proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1nOXYyLXdxY2otajk5Z84AA2X4
Uptime Kuma has Persistent User Sessions
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS14aDVtLThxcXAtYzV4N84AA2X0
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13Z2g3LTU0ZjIteDk4cs4AA2Xy
HTTP/2 HPACK integer overflow and buffer allocation
Ecosystems: maven
Packages: org.eclipse.jetty.http2:http2-hpack, org.eclipse.jetty.http3:http3-qpack
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 7 months ago
High
GSA_kwCzR0hTQS01bWZ4LTR3Y3gtcnYyN84AA2Vz
Azure Identity SDK Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Azure.Identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCT
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
High
GSA_kwCzR0hTQS02cGdyLWo5djQteGZ2ds4AA2R_
ThingsBoard Server-Side Template Injection
Ecosystems: maven
Packages: org.thingsboard:thingsboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13cWNyLXhtNDMtaHBxcs4AA2R3
Vulnerable version of libwebp and can be exploited with a malicious source image
Ecosystems: nuget
Packages: ImageResizer.Plugins.FreeImage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mOXBtLTRnOXAtNnZtM84AA2Rp
Bundled libwebp in pywebp vulnerable
Ecosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS0zZjQ4LTlqN3EtcTJnds4AA2Qr
NI MeasurementLink Python Services Improper Access Restriction vulnerability
Ecosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 8 months ago
High
GSA_kwCzR0hTQS00YzI5LWdmcnAtZzZ4Oc4AA2QO
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerable
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validation
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
High
GSA_kwCzR0hTQS02aGM5LWNmOHgtaGY4M84AA2O5
Quarkus OIDC can leak both ID and access tokens
Ecosystems: maven
Packages: io.quarkus:quarkus-oidc
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 8 months ago
High
GSA_kwCzR0hTQS04NnE1LXFjamMtN3B2NM4AA2Oc
Presto JDBC Server-Side Request Forgery by nextUri
Ecosystems: maven
Packages: com.facebook.presto:presto-jdbc
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 8 months ago
High
GSA_kwCzR0hTQS14bTd4LWYzdzItNGhqbc4AA2Ob
Presto JDBC Server-Side Request Forgery by redirect
Ecosystems: maven
Packages: com.facebook.presto:presto-jdbc
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 8 months ago
High
GSA_kwCzR0hTQS0yODk0LXFjcWYtZzIzZ84AA2Ml
asyncua Improper Authentication vulnerability
Ecosystems: pypi
Packages: asyncua
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 8 months ago
High
GSA_kwCzR0hTQS12ODM0LXJodjQtNjVtM84AA2Mj
static-server Path Traversal vulnerability
Ecosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 
org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 
github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204
https://github.com/tensorflow/tensorflow 107
https://github.com/xwiki/xwiki-platform 48
https://github.com/FasterXML/jackson-databind 44
https://github.com/jenkinsci/jenkins 36
https://github.com/apache/tomcat 34
https://github.com/django/django 26
https://github.com/python-pillow/Pillow 26
https://github.com/apache/airflow 25
https://github.com/pimcore/pimcore 25
https://github.com/microweber/microweber 25
https://github.com/moodle/moodle 24
https://github.com/keycloak/keycloak 22
https://github.com/apache/struts 22
https://github.com/x-stream/xstream 22
https://github.com/opencv/opencv 21
https://github.com/sparklemotion/nokogiri 20
https://github.com/Dolibarr/dolibarr 19
https://github.com/thorsten/phpmyfaq 18
https://github.com/pmmp/PocketMine-MP 17
https://github.com/dotnet/runtime 17
https://github.com/rancher/rancher 16
https://github.com/spring-projects/spring-framework 16
https://github.com/symfony/symfony 16
https://github.com/ansible/ansible 15
https://github.com/ikus060/rdiffweb 15
https://github.com/parse-community/parse-server 15
https://github.com/github/advisory-database 14
https://github.com/apache/inlong 14
https://github.com/librenms/librenms 14
https://github.com/vyperlang/vyper 14
https://github.com/getgrav/grav 14
https://github.com/mlflow/mlflow 13
https://github.com/usememos/memos 13
https://github.com/jenkinsci/script-security-plugin 13
https://github.com/rails/rails 12
https://github.com/hashicorp/consul 11
https://github.com/mautic/mautic 11
https://github.com/electron/electron 11
https://github.com/apache/nifi 11
https://github.com/centreon/centreon 10
https://github.com/OpenMage/magento-lts 10
https://github.com/go-gitea/gitea 10
https://github.com/argoproj/argo-cd 10
https://github.com/octobercms/october 10
https://github.com/strapi/strapi 9
https://github.com/golang/go 9
https://github.com/cui2shark/cms 9
https://github.com/openstack/keystone 9
https://github.com/rusqlite/rusqlite 9
https://github.com/apache/camel 9
https://github.com/cloudfoundry/uaa 9
https://github.com/nilsteampassnet/teampass 9
https://github.com/kubernetes/kubernetes 9
https://github.com/nervosnetwork/ckb 9
https://github.com/TYPO3/TYPO3.CMS 8
https://github.com/cobbler/cobbler 8
https://github.com/gradio-app/gradio 8
https://github.com/cockpit-hq/cockpit 8
https://github.com/nats-io/nats-server 8
https://github.com/denoland/deno 8
https://github.com/bcgit/bc-java 8
https://github.com/matrix-org/synapse 8
https://github.com/shopware/platform 8
https://github.com/netty/netty 7
https://github.com/dotnet/aspnetcore 7
https://github.com/PHPMailer/PHPMailer 7
https://github.com/eclipse/jetty.project 7
https://github.com/spring-projects/spring-security 7
https://github.com/undertow-io/undertow 7
https://github.com/snipe/snipe-it 7
https://github.com/hashicorp/vault 7
https://github.com/laravel/framework 7
https://github.com/rubygems/rubygems 7
https://github.com/DSpace/DSpace 7
https://github.com/apache/activemq 7
https://github.com/plone/Products.CMFPlone 7
https://github.com/apache/cxf 7
https://github.com/nautobot/nautobot 6
https://github.com/DrunkenShells/Disclosures 6
https://github.com/istio/istio 6
https://github.com/PaddlePaddle/Paddle 6
https://github.com/hyperledger/fabric 6
https://github.com/OpenNMS/opennms 6
https://github.com/intelliants/subrion 6
https://github.com/smarty-php/smarty 6
https://github.com/pyca/cryptography 6
https://github.com/CVEProject/cvelist 6
https://github.com/xuxueli/xxl-job 6
https://github.com/saltstack/salt 6
https://github.com/TYPO3/typo3 6
https://github.com/guzzle/guzzle 6
https://github.com/sequelize/sequelize 6
https://github.com/kiwitcms/Kiwi 6
https://github.com/contao/contao 6
https://github.com/bodil/sized-chunks 6
https://github.com/dnnsoftware/Dnn.Platform 6
https://github.com/phpmyadmin/phpmyadmin 6
https://github.com/dromara/hutool 6
https://github.com/gravitl/netmaker 6
https://github.com/zitadel/zitadel 6
https://github.com/OpenZeppelin/openzeppelin-contracts 6
https://github.com/Pylons/waitress 6
https://github.com/ls1intum/Ares 6
https://github.com/magento/magento2 6
https://github.com/npm/node-tar 6
https://github.com/OPCFoundation/UA-.NETStandard 6
https://github.com/nilsteampassnet/TeamPass 6
https://github.com/WWBN/AVideo 6
https://github.com/backstage/backstage 6
https://github.com/opencast/opencast 6
https://github.com/froxlor/froxlor 6
https://github.com/ethereum/go-ethereum 5
https://github.com/hpcng/singularity 5
https://github.com/cilium/cilium 5
https://github.com/apache/hadoop 5
https://github.com/drupal/core 5
https://github.com/getkirby/kirby 5
https://github.com/PrestaShop/PrestaShop 5
https://github.com/directus/directus 5
https://github.com/forkcms/forkcms 5
https://github.com/composer/composer 5
https://github.com/pear/Archive_Tar 5
https://github.com/zopefoundation/Zope 5
https://github.com/geoserver/geoserver 5
https://github.com/vercel/next.js 5
https://github.com/aubio/aubio 5
https://github.com/BlackFan/client-side-prototype-pollution 5
https://github.com/gogs/gogs 5
https://github.com/answerdev/answer 5
https://github.com/docker/docker 5
https://github.com/apache/xmlgraphics-batik 5
https://github.com/traefik/traefik 5
https://github.com/codeigniter4/CodeIgniter4 5
https://github.com/cakephp/cakephp 5
https://github.com/matrix-org/matrix-js-sdk 5
https://github.com/twisted/twisted 5
https://github.com/apache/kylin 5
https://github.com/apache/dolphinscheduler 5
https://github.com/protocolbuffers/protobuf 5
https://github.com/cefsharp/CefSharp 5
https://github.com/grafana/grafana 5
https://github.com/IBAX-io/go-ibax 5
https://github.com/faisalman/ua-parser-js 5
https://github.com/ericcornelissen/shescape 4
https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4
https://github.com/playframework/playframework 4
https://github.com/containers/podman 4
https://github.com/tidwall/gjson 4
https://github.com/jettison-json/jettison 4
https://github.com/vantage6/vantage6 4
https://github.com/fiveai/Cachet 4
https://github.com/kubernetes/ingress-nginx 4
https://github.com/apache/geode 4
https://github.com/yiisoft/yii2 4
https://github.com/totaljs/framework 4
https://github.com/bolt/bolt 4
https://github.com/phpseclib/phpseclib 4
https://github.com/opencontainers/runc 4
https://github.com/apple/swift-nio-http2 4
https://github.com/scrapy/scrapy 4
https://github.com/PrismJS/prism 4
https://github.com/free5gc/free5gc 4
https://github.com/Codiad/Codiad 4
https://github.com/0xJacky/nginx-ui 4
https://github.com/hashicorp/nomad 4
https://github.com/nocodb/nocodb 4
https://github.com/containers/buildah 4
https://github.com/quarkusio/quarkus 4
https://github.com/livehelperchat/livehelperchat 4
https://github.com/baserproject/basercms 4
https://github.com/ethyca/fides 4
https://github.com/pgadmin-org/pgadmin4 4
https://github.com/wixtoolset/issues 4
https://github.com/pimcore/admin-ui-classic-bundle 4
https://github.com/cri-o/cri-o 4
https://github.com/igniterealtime/Openfire 4
https://github.com/RaspAP/raspap-webgui 4
https://github.com/ckeditor/ckeditor4 4
https://github.com/npm/cli 4
https://github.com/cloudflare/cfrpki 4
https://github.com/libp2p/go-libp2p 4
https://github.com/statamic/cms 4
https://github.com/centreon/centreon-archived 4
https://github.com/surrealdb/surrealdb 4
https://github.com/restlet/restlet-framework-java 4
https://github.com/jnqnfe/pulse-binding-rust 4
https://github.com/Froxlor/Froxlor 4
https://github.com/nightcloudos/new_cms 4
https://github.com/jhipster/generator-jhipster 4
https://github.com/ezsystems/ezpublish-legacy 4
https://github.com/jfhbrook/node-ecstatic 3
https://github.com/dpgaspar/Flask-AppBuilder 3
https://github.com/phusion/passenger 3
https://github.com/grpc/grpc 3
https://github.com/jupyterhub/oauthenticator 3
https://gitlab.com/edneville/please 3
https://github.com/edgelesssys/constellation 3
