Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Low
GSA_kwCzR0hTQS1yd2NqLTdqanAtNHczOM4AA-A0
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Ecosystems: pypi
Packages: puncia
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS1nOTJqLXFobWgtNjR2Ms4AA9_r
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Ecosystems: pypi
Packages: sentry-sdk
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 4 days ago
Low
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 5 days ago
Low
GSA_kwCzR0hTQS12bWNwLTY2cjUtM3BjcM4AA9-0
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Ecosystems: nuget
Packages: Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 5 days ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS0zNDJxLTJtYzItNWdtcM4AA95a
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 13 days ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS1qajY4LWNwNHYtOThxZs4AA9d2
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
Low
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Low
GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 26 days ago
Low
GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 26 days ago
Low
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 27 days ago
Low
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1ncmp2LWdqZ3ItNjZnMs4AA9Px
SpiceDB exclusions can result in no permission returned when permission expected
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14Z3FtLXdwN3ctbWdnMs4AA9GA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zMmNqLTV3eDQtZ3E4cM4AA8_N
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12OTk0LWY4dnctZzdqNM4AA84U
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05OWhtLTg2aDctZ3IzZ84AA81n
zenml-io/zenml does not expire the session after password reset
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7
Cross site scripting in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Improper authentication in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1jNTQ2LThqbXEtaHByas4AA8w2
Race condition in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1weHY4LXFocmgtamM3ds4AA8wK
evmos allows transferring unvested tokens after delegations
Ecosystems: go
Packages: github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01MnhmLTVwMm0tOXdyds4AA8wF
s2n-tls has a potentially observable differences in RSA premaster secret handling
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zcDR4LWdycG0teHc1OM4AA8wD
Password hash exposed in CraftCMS two factor authentication plugin
Ecosystems: packagist
Packages: born05/craft-twofactorauthentication
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oOTM0LWY0bTQtd2M4eM4AA8uc
Typo3 Information Disclosure in Page Tree
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1jN3A2LTNjOWMtZjg4cc4AA8uE
Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00bTNnLTZyN2ctanY0Zs4AA8t0
Arbitrary JavaScript execution due to using outdated libraries
Ecosystems: pypi
Packages: gradio_pdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12dzYzLTgyNHYtcWYyas4AA8mZ
SQL Injection in Harbor scan log API
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1xdnBqLXc3eGotcjZ3Oc4AA8mW
Password confirmation stored in plain text via registration form in statamic/cms
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1jMmcyLWd4NGotcmozas4AA8mO
Slack integration leaks sensitive information in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04Y201LWpmajItMjZxN84AA8jP
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1wNTcyLXAycmotcTVmNM4AA8jE
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Ecosystems: nuget
Packages: Umbraco.Forms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix
silverstripe/framework sends passwords back to browsers under some circumstances
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib
silverstripe/framework password encryption salt not updated
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zZjY1LW0yMzQtOW14cs4AA8iZ
github.com/huandu/facebook may expose access_token in error message
Ecosystems: go
Packages: github.com/huandu/facebook/v2
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0ycWpwLWZnOGMtZzg3OM4AA8iS
vxe-table Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vxe-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03NzljLTd3NHAtMmM0Z84AA8ft
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 2 months ago
Low
GSA_kwCzR0hTQS05OXI0LWNqcDQtM2hteM4AA8fs
vantage6 collaboration admins can extend their influence by expanding the collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yajZyLTl2djQtNmdmNc4AA8WS
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Ecosystems: go
Packages: github.com/bincyber/go-sqlcrypter
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 2 months ago
Low
GSA_kwCzR0hTQS1mNXBwLXBtcTgtZ3A0Ns4AA8Vu
Passbolt Api Retrieval of HTTP-only cookies
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml improper signature validation on LogoutRequest/LogoutResponse
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialization vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 2 months ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter failure-to-decrypt vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
Ecosystems: packagist
Packages: datadog/dd-trace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej
Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg
containerd started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yOTVoLTl4OGYtcjNmN84AA74p
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose all usernames/idents via port 113
Ecosystems: npm
Packages: thelounge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS1nN3Z2LTJ2N3gtZ2o5cM4AA7v0
tqdm CLI arguments injection attack
Ecosystems: pypi
Packages: tqdm
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CSRF attack
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS05NHByLXc5NjgtaDkyM84AA7fp
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:telegrambot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wMndxLTRnZ3AtNDVmM84AA7U_
Mattermost fails to limit the size of a request path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE
Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1odnA1LTV4NGYtMzNmcc4AA7PK
JADX file override vulnerability
Ecosystems: maven
Packages: io.github.skylot:jadx-core
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 3 months ago
Low
GSA_kwCzR0hTQS14ODgzLTJ2bWcteHdmN84AA7PJ
Authelia's Group Changes may not have the expected results (YAML file backend)
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS02bTloLTJwcjItOWo4Zs4AA7Lw
1Panel's password verification is suspected to have a timing attack vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU
Prototype pollution in emit function
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS14Njc0LXY0NWotZnd4d84AA7DY
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Ecosystems: nuget
Packages: Microsoft.Identity.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS14cDlqLThwNjgtOXE5M84AA6p2
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 4 months ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 478
Ecosystems: 12
https://github.com/Seldaek/monolog 1 https://github.com/visionmedia/debug 1 https://github.com/thorsten/phpMyFAQ 1