Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Browse all Security Advisories for Low

Low
GSA_kwCzR0hTQS00Z2M3LTVqN2gtNHFwaM4ABAa0
Spring Framework DataBinder Case Sensitive Match Exception
Ecosystems: maven
Packages: org.springframework:spring-context
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 4 days ago
Low
GSA_kwCzR0hTQS03YzRjLTc0OWotcGZwMs4ABAWE
Admidio Vulnerable to HTML Injection In The Messages Section
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Low
GSA_kwCzR0hTQS1oNDdoLW13cDktYzZxNs4ABATf
Possible ReDoS vulnerability in block_format in Action Mailer
Ecosystems: rubygems
Packages: actionmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS13d2h2LXd4djktcnBnd84ABATc
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS12Zmc5LXIzZnEtanZ4NM4ABATd
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1mYzloLXdocTItdjc0N84ABARZ
Valid ECDSA signatures erroneously rejected in Elliptic
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1xaDhnLTU4cHAtMnd4aM4ABAQY
Eclipse Jetty URI parsing of invalid authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 days ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 7 days ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 days ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 days ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 11 days ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 12 days ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 12 days ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 13 days ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 13 days ago
Low
GSA_kwCzR0hTQS1weGc2LXBmNTIteGg4eM4AA_9q
cookie accepts cookie name, path, and domain with out of bounds characters
Ecosystems: npm
Packages: cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: 18 days ago
Low
GSA_kwCzR0hTQS13cHIyLWo2Z3ItcGp3Oc4AA_7y
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Ecosystems: go
Packages: github.com/opentofu/opentofu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Low
GSA_kwCzR0hTQS1tcnc4LTUzNjgtcGhtM84AA_7c
Contao allows an admin account to upload SVG file containing malicious JavaScript
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 19 days ago
Low
GSA_kwCzR0hTQS1oeHBwLWc3Nm0tcWh2Z84AA_7a
October allows an admin account to upload PDF containing malicious JavaScript
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 19 days ago
Low
GSA_kwCzR0hTQS0yY2M1LTQyOXgtcDM4N84AA_7b
Zenario Cross Site Scripting in the Image library
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Low
GSA_kwCzR0hTQS0zNjM2LWh4NjItcHYyNs4AA_7Z
Zenario allows authenticated admin users to upload PDF files containing malicious code
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Low
GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 20 days ago
Low
GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 20 days ago
Low
GSA_kwCzR0hTQS1najNwLWo3NHYtM3g1N84AA_14
ReLaXed Cross-site Scripting vulnerability
Ecosystems: npm
Packages: relaxedjs
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 24 days ago
Low
GSA_kwCzR0hTQS1nNTRmLTY2bXctaHY2Ns4AA_zF
Agnai vulnerable to Relative Path Traversal in Image Upload
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Low
GSA_kwCzR0hTQS1oMzU1LWhtNWgtY204aM4AA_zE
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Low
GSA_kwCzR0hTQS0ycXE3LWZjaDItcGhxZs4AA_yk
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Ecosystems: maven
Packages: org.apache.maven.plugins:maven-archetype-plugin
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 26 days ago
Low
GSA_kwCzR0hTQS1mNWZ3LTI1Z3ctNW05Ms4AA_xF
Apache Hadoop: Temporary File Local Information Disclosure
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 27 days ago
Low
GSA_kwCzR0hTQS14OGgyLTI1NXEtamc0eM4AA_v1
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 27 days ago
Low
GSA_kwCzR0hTQS1xN3FyLTIycXctcHFneM4AA_wK
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 27 days ago
Low
GSA_kwCzR0hTQS1oOTJxLWZncHAtcWhycc4AA_rV
CoreDNS Cache Poisoning via a birthday attack
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1qaGc2LTZxcngtMzhtcs4AA_rH
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1wNzJ3LXI2ZnYtNmc1aM4AA_m_
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Ecosystems: maven
Packages: org.apache.druid.extensions:druid-pac4j
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1qaDY2LTM1NDUtdnBtN84AA_nI
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Ecosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0yMzI2LXBmcGotdngzaM4AA_kC
lexical-core has multiple soundness issues
Ecosystems: cargo
Packages: lexical-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14Z3E5LTdndzYtanI1cs4AA_j6
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01Nzc3LXJjamotOXAyMs4AA_j9
Mattermost Desktop App fails to safeguard screen capture functionality
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tOWdmLTM5N3ItaHdwZ84AA_YN
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tcW05LWM5NWgteDJwNs4AA_YR
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTM4LWpoNWYtMzdtcc4AA_TY
sigstore-go has an unbounded loop over untrusted input that can lead to an endless data attack
Ecosystems: go
Packages: github.com/sigstore/sigstore-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mdzVyLTZtM3gtcmg3cM4AA_TB
Flask-AppBuilder's login form allows browser to cache sensitive fields
Ecosystems: pypi
Packages: flask-appbuilder
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yaDQ2LThnZjUtZm14ds4AA_S_
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12MjZyLTRjOWMtaDNqNs4AA_QH
gix-path uses local config across repos when it is the highest scope
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qZnZwLTd4NnAtaDJwds4AA_QD
runc can be confused to create empty files/directories on the host
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03ajlwLTY3bW0tNWc4N84AA_D0
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Ecosystems: pypi
Packages: lti-consumer-xblock
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS05Y2Z2LTk0NjMtOGdxds4AA_Dy
freewvs vulnerable to denial of service through large files
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03cG1oLXZyd3ctMjV4eM4AA_Dx
freewvs's nested directory structure can interrupt scan
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1tZ3dyLWg3bXYtZmgyOc4AA_B2
Hwameistor Potential Permission Leakage of Cluster Level
Ecosystems: go
Packages: github.com/hwameistor/hwameistor
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zajk1LThnNDctZnB3aM4AA-4h
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS04OGcyLXI5cnctZzU1aM4AA-4b
gitoxide-core does not neutralize special characters for terminals
Ecosystems: cargo
Packages: gitoxide-core, gitoxide
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS02djk2LW0yNHYtZjU4as4AA-1-
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zcjc0LXY4M3AtZjRmNM4AA-xT
Trufflehog vulnerable to Blind SSRF in some Detectors
Ecosystems: go
Packages: github.com/trufflesecurity/trufflehog/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1oNmpxLXc0MzItajI2d84AA-ty
Silverpeas vulnerable to password complexity rule bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jNDd3LTltY2Ytdzk3Ms4AA-hx
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xNXd4LW05NXItNGNnY84AA-iF
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS13Nmo2LXc2angtdmYycs4AA-gS
Concrete CMS Stored XSS in getAttributeSetName
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tM3JoLWN2cjUteDZxNM4AA-gF
CosmWasm wasmd has large address count in ValidateBasic
Ecosystems: go
Packages: github.com/CosmWasm/wasmd
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS13OXBnLTdjM2gtZmM4as4AA-Xn
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Ecosystems: packagist
Packages: ipl/web
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mN3E0LXB3YzYtdzI0cM4AA-Vu
Elliptic's EDDSA missing signature length check
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS00OXE3LWM3ajQtM3A3bc4AA-Vw
Elliptic allows BER-encoded signatures
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS05Nzd4LWc3aDUtN3Fnd84AA-Vv
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zY3BmLWptbWMtOGptM84AA-Us
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS05ZnB3LWM5eDctY3Yzas4AA-Ua
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12dnBnLTU1cDctNWg4d84AA-UY
Mattermost did not properly restrict channel creation
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qcTNnLXhxcHgtMzd4M84AA-UR
Mattermost failed to properly validate synced reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wOXc0LTU4NWgtZzNjN84AA-TH
biscuit-auth vulnerable to public key confusion in third party block
Ecosystems: cargo
Packages: biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS01aGNqLXJ3bTYteG13NM4AA-TA
biscuit-java vulnerable to public key confusion in third party block
Ecosystems: maven
Packages: org.biscuitsec:biscuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zamNnLXZ4N2YtajZxZs4AA-RP
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Ecosystems: npm
Packages: @fuel-ts/account
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS02NmZ3LTQzaDgtZjhwM84AA-I3
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Ecosystems: cargo
Packages: xmp_toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jeDdoLWg4N3ItanBncs4AA-Hz
The kstring integration in gix-attributes is unsound
Ecosystems: cargo
Packages: gix-attributes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xNDdwLXY1cnctdjU3NM4AA-FC
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yd2NqLTdqanAtNHczOM4AA-A0
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Ecosystems: pypi
Packages: puncia
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1nOTJqLXFobWgtNjR2Ms4AA9_r
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Ecosystems: pypi
Packages: sentry-sdk
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 3 months ago
Low
GSA_kwCzR0hTQS12bWNwLTY2cjUtM3BjcM4AA9-0
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Ecosystems: nuget
Packages: Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zNDJxLTJtYzItNWdtcM4AA95a
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qajY4LWNwNHYtOThxZs4AA9d2
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS1ncmp2LWdqZ3ItNjZnMs4AA9Px
SpiceDB exclusions can result in no permission returned when permission expected
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS14Z3FtLXdwN3ctbWdnMs4AA9GA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Statistics
Advisories: 20,351
Packages: 8,931
Repositories: 496
Ecosystems: 12
https://github.com/kimai/kimai 1 https://github.com/actions/toolkit 1 https://github.com/SteeltoeOSS/security-advisories 1 https://github.com/aws/aws-encryption-sdk-cli 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/personnummer/python 1 https://github.com/jenkinsci/gitlab-branch-source-plugin 1 https://github.com/risc0/risc0 1 https://github.com/wasmerio/wasmer 1 https://github.com/jenkinsci/meliora-testlab-plugin 1 https://github.com/huandu/facebook 1 https://github.com/grpc/grpc-go 1 https://github.com/Qiskit/qiskit-ibm-runtime 1 https://github.com/slsa-framework/slsa-verifier 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/jenkinsci/support-core-plugin 1 https://github.com/RhinoSecurityLabs/CVEs 1 https://github.com/evmos/evmos 1 https://github.com/screetsec/VDD 1 https://github.com/xuxueli/xxl-job 1 https://github.com/tailscale/tailscale 1 https://github.com/visionmedia/send 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/DSpace/DSpace 1 https://github.com/Katello/katello 1 https://github.com/urllib3/urllib3 1 https://github.com/octokit/octokit.rb 1 https://github.com/isaacs/chownr 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/apache/lucene-solr 1 https://github.com/silverstripe/silverstripe-omnipay 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/IncludeSecurity/safeurl-python 1 https://github.com/gayanhewa/sailsjs-cacheman 1 https://github.com/ethereum/web3.js 1 https://github.com/tektoncd/pipeline 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/DataDog/datadog-api-client-java 1 https://github.com/fluture-js/fluture-node 1 https://github.com/tendermint/tendermint 1 https://github.com/njmbb8/CVE-2024-42850 1 https://github.com/croogo/croogo 1 https://github.com/aws/s2n-tls 1 https://github.com/passbolt/passbolt_api 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/rails/globalid 1 
https://github.com/CosmWasm/wasmd 1 https://github.com/umbraco/Umbraco.Forms.Issues 1 https://github.com/python-pillow/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1