Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS13aGd2LTZqNzgtNXJoMs4AA3vI
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 4 months ago
Low
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File Upload
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS03eDc0LWg4Y3ctcWh4cc4AA3uf
Brute force exploit can be used to collect valid usernames
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zMzV4LTV3Y20tOGp2Ms4AA3ua
Backoffice User can bypass "Publish" restriction
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS14eGM2LTM1cjctNzk2d84AA3uY
Possible injection of HTML into user invite mails
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS13NHg2LWhoM3gtd2pyeM4AA3q0
Stale copy of the public suffix list
Ecosystems: nuget
Packages: Gsemac.Net
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS05OWp2LTgyOTItMmhwbc4AA3pg
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintext
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 4 months ago
Low
GSA_kwCzR0hTQS12N2hjLTg3amMtcXJycs4AA3l6
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-github
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
Low
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET Agent
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 5 months ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yamptLXgzMnAtbTNmN84AA3C1
gnark's range checker gadget allows wider inputs up to word alignment
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS03MmZwLXc0NGctNjI1cc4AA3BG
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerability
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ocHYzLWY1cDctcHhqOc4AA2rA
Jenkins lambdatest-automation Plugin may expose Credentials access token
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yeHBxLTU5NTItMzh3M84AA2rM
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS04Nmo5LTI1bTItOXc5N84AA2rS
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS04ODU5LXY5anAtY3BoZs4AA2rz
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1oOW13LWdyZ3gtMmZoZs4AA2oM
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Ecosystems: maven
Packages: org.scala-sbt:io_3, org.scala-sbt:io_2.13, org.scala-sbt:io_2.12, org.scala-sbt:sbt
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty reply
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 months ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 6 months ago
Low
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title property
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerability
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerability
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zZ2g2LXY1djktNnY5as4AA13n
Jetty vulnerable to errant command quoting in CGI Servlet
Ecosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wbXhxLXBqNDctajhqNM4AA1xF
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Ecosystems: pypi, maven
Packages: wiremock, com.github.tomakehurst:wiremock-jre8-standalone, com.github.tomakehurst:wiremock-jre8, org.wiremock:wiremock, org.wiremock:wiremock-standalone
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nNnJ4LTJ3ODQteG1nas4AA1uu
CSRF vulnerability in Jenkins Frugal Testing Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:frugal-testing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1xN3BwLXdjZ3ItcGZmeM4AA1rS
Crash when processing crafted TIFF files
Ecosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS14YzI3LWY5cTMtNDQ0OM4AA1rH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Ecosystems: pypi
Packages: hyper-bump-it
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 8 months ago
Low
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header values
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party Component
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1xNHBwLWozNmgtM2dxZ84AA1e3
Minimal `basti` IAM Policy Allows Shell Access
Ecosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS01cjMzLW1namYtNjY1Ns4AA1Vz
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:tuleap-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1nM3Y2LXI4cDktd3hnOc4AA1Pz
Mattermost fails to correctly delete attachments
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Moq v4.20.0-rc to 4.20.1 share hashed user data
Ecosystems: nuget
Packages: moq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V
pyca/cryptography's wheels include vulnerable OpenSSL
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 9 months ago
Low
GSA_kwCzR0hTQS1yeHZqLTVtdjYtajVtY84AA070
Cross-site Scripting in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS01amM1LW04N3gtODhmas4AA05e
Secret displayed without masking by Chef Identity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:chef-identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 9 months ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1wNHd3LWo0cHItcXc2cc4AA01M
RuoYi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nNHdnLWNmcGYtOTY4Oc4AA0zn
keylime fails to flag device as untrusted when signature does not validate
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS04aGM2LXc0NG0td2Z4Zs4AA0zl
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dimensionsscm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 427
Ecosystems: 12
Filter by Severity
Moderate 7,470 High 6,100 Critical 2,660 Low 958
Filter by Ecosystem
pypi 428 maven 275 packagist 169 npm 128 go 114 rubygems 48 cargo 38 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 phpmyadmin/phpmyadmin 10 github.com/mattermost/mattermost/server/v8 10 typo3/cms 10 shopware/core 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 rack 6 org.keycloak:keycloak-services 5 sweetalert2 5 helm.sh/helm/v3 5 october/backend 5 undici 5 baserproject/basercms 5 wasmtime 5 ansible 5 electron 4 k8s.io/kubernetes 4 simplesamlphp/simplesamlphp 4 helm.sh/helm 4 typo3/cms-core 4 magento/community-edition 4 github.com/cilium/cilium 4 github.com/mattermost/mattermost-server/v6 4 shopware/shopware 4 com.vaadin:flow-server 4 actionpack 4 org.apache.hive:hive-exec 3 go.etcd.io/etcd 3 bin-links 3 github.com/cosmos/cosmos-sdk 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 @openzeppelin/contracts-upgradeable 3 ethyca-fides 3 ckb 3 node-forge 3 passenger 3 plone 3 cryptography 3 com.vaadin:vaadin-bom 3 nautobot 3 org.graylog2:graylog2-server 3 symfony/symfony 3 tuf 2 silverstripe/framework 2 tools.devnull:build-notifications 2 github.com/authzed/spicedb 2 next-auth 2 github.com/hashicorp/nomad 2 Flask-Security-Too 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 org.jenkins-ci.plugins:azure-ad 2 winter/wn-backend-module 2 pip 2 braces 2 org.jenkins-ci.plugins:artifactory 2 github.com/cometbft/cometbft 2 cargo 2 org.jenkins-ci.plugins:repository-connector 2 go.etcd.io/etcd/client/v3 2 github.com/mattermost/mattermost-plugin-jira 2 s2n-quic 2 wagtail 2 vantage6 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 org.jenkins-ci.plugins:wso2id-oauth 2 Zope 2 activesupport 2 sylius/sylius 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 Pillow 2 org.jenkins-ci.plugins:mercurial 2 node-ipc 2 github.com/answerdev/answer 2 @apollo/server 2 @openzeppelin/contracts 2 craftcms/cms 2 github.com/opencontainers/runc 2 org.apache.activemq:activemq-parent 2 parse-server 2 httplib2 2 microweber/microweber 2 com.ruoyi:ruoyi 2 langchain 2 github.com/ntbosscher/gobase 2 flarum/core 2 OctoPrint 2 october/cms 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 django 2 org.eclipse.jetty:jetty-server 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 Flask-AppBuilder 2 typo3/cms-frontend 2 gilacms/gila 2 apostrophe 1 io.jenkins.plugins:gitlab-branch-source 1 merge-objects 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 keystone 1 lodash 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 com.xuxueli:xxl-job-core 1 virtualenv 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 ascii-art 1 org.eclipse.jetty:jetty-openid 1 type-graphql 1 sulu/sulu 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 io.swagger:swagger-codegen 1 org.jenkins-ci.plugins:snsnotify 1 org.scala-sbt:io_3 1 org.jenkins-ci.plugins:labmanager 1 bigint-money 1 transformers 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 put 1 @node-red/runtime 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 org.springframework.cloud:spring-cloud-contract-shade 1 @diez/generation 1 io.jenkins.plugins:frugal-testing 1 horizon 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 github.com/oauth2-proxy/oauth2-proxy 1 github.com/consensys/gnark-crypto 1 seneca 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 github.com/slsa-framework/slsa-verifier 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 admidio/admidio 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 RPLY 1 plone.restapi 1 github.com/flyteorg/flyteadmin 1 zerocopy 1 markdown-link-extractor 1 github.com/containers/podman/v4 1 xmpp-http-upload 1 francoisjacquet/rosariosis 1 personnummer 1 basti-cdk 1 njwt 1 github.com/canonical/lxd 1 rabbit_common 1 @liquity/contracts 1 flarum/framework 1 github.com/slsa-framework/slsa-verifier/v2 1 github.com/Masterminds/goutils 1 Werkzeug 1 hyper 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 es5-ext 1 fast-xml-parser 1 django-basic-auth-ip-whitelist 1 @floffah/build 1 croogo/croogo 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/vyperlang/vyper 7 https://github.com/eclipse/jetty.project 7 https://github.com/matrix-org/synapse 7 https://github.com/octobercms/october 7 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/keycloak/keycloak 6 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/xwiki/xwiki-platform 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/baserproject/basercms 5 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/ansible/ansible 5 https://github.com/jenkinsci/jenkins 5 https://github.com/puppetlabs/puppet 5 https://github.com/kubernetes/kubernetes 4 https://github.com/vaadin/platform 4 https://github.com/TYPO3/typo3 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/symfony/symfony 3 https://github.com/ethyca/fides 3 https://github.com/nervosnetwork/ckb 3 https://github.com/nautobot/nautobot 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/digitalbazaar/forge 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/ntbosscher/gobase 2 https://github.com/parse-community/parse-server 2 https://github.com/httplib2/httplib2 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/GilaCMS/gila 2 https://github.com/octoprint/octoprint 2 https://github.com/microweber/microweber 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/sigstore/cosign 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/wagtail/wagtail 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/authzed/spicedb 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/Sylius/Sylius 2 https://github.com/openstack/keystone 2 https://github.com/cometbft/cometbft 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/opencontainers/runc 2 https://github.com/aio-libs/aiohttp 2 https://github.com/zopefoundation/Zope 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/quarkusio/quarkus 2 https://github.com/flarum/framework 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/aws/s2n-quic 2 https://github.com/craftcms/cms 2 https://github.com/pypa/pip 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/micromatch/braces 2 https://github.com/rust-lang/cargo 2 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/aedart/ion 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/lodash/lodash 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/onionshare/onionshare 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/octokit/octokit.rb 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/go-gitea/gitea 1 https://github.com/brefphp/bref 1 https://github.com/tendermint/tendermint 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/spinacms/spina 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/cloudfoundry/uaa 1 https://github.com/elastic/apm-agent-go 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/admidio/admidio 1 https://github.com/http4s/http4s 1 https://github.com/personnummer/go 1 https://github.com/jenkinsci/azure-ad-plugin 1 https://github.com/Archomeda/Gw2Sharp 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/BohdanPetryshyn/basti 1 https://github.com/jenkinsci/repo-plugin 1 https://github.com/kopia/kopia 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/openstack/nova 1 https://github.com/arguiot/EyeJS 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/npm/npm 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/octokit/octopoller.rb 1 https://github.com/Bouke/django-user-sessions 1 https://github.com/snipe/snipe-it 1 https://github.com/matrix-org/matrix-appservice-irc 1 https://github.com/zestedesavoir/zmarkdown 1 https://github.com/plannigan/hyper-bump-it 1 https://gitlab.com/edneville/please 1 https://github.com/hyperledger-archives/ursa 1 https://github.com/gradle/gradle 1 https://github.com/jenkinsci/aws-device-farm-plugin 1 https://github.com/gogs/gogs 1 https://github.com/personnummer/java 1 https://github.com/gsemac/Gsemac.Common 1 https://github.com/parallaxsecond/parsec 1 https://github.com/karmada-io/karmada 1 https://github.com/python-pillow/Pillow 1 https://github.com/bcgit/bc-java 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/tokio-rs/tokio 1 https://github.com/waycrate/swhkd 1 https://github.com/ConsenSys/discovery 1 https://github.com/personnummer/dart 1 https://github.com/magento/magento2 1 https://github.com/jaraco/keyring 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/alex/rply 1 https://github.com/line/armeria 1 https://github.com/argoproj/argo-workflows 1 https://github.com/visionmedia/debug 1 https://github.com/containers/podman 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/node-js-libs/cli 1 https://github.com/disintegration/imaging 1 https://github.com/mapfish/mapfish-print 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1