Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1nNHdnLWNmcGYtOTY4Oc4AA0zn
keylime fails to flag device as untrusted when signature does not validate
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS04aGM2LXc0NG0td2Z4Zs4AA0zl
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dimensionsscm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01OHF3LXA3cW0tNXJ2aM4AA0ib
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-xml
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS02ZzJ3LTI1N3YtM2M5Zs4AA0hB
Apache Camel information exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-jira
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu
Winter CMS stored XSS through privileged upload of SVG file
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS0ycTRwLWY2Z2YtbXFyNc4AA0Xn
Graylog server has partial path traversal vulnerability in Support Bundle feature
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queries
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zZnFtLWZyaGctN2M4Nc4AA0Xl
Graylog user session is still usable after logout
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS13NXc1LTI4ODItNDdwY84AA0KY
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nOTh2LWh2M2YtaGNmcs4AA0KD
atty potential unaligned read
Ecosystems: cargo
Packages: atty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNzN3LXJqODQtcHY2eM4AA0In
SafeURL-Python's hostname blocklist does not block FQDNs
Ecosystems: pypi
Packages: SafeURL-Python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 10 months ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMD
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jaDQ4LTlyM3EtcHY3eM4AAz_0
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Ecosystems: maven
Packages: com.vaadin:vaadin, com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qaHByLWo3Y3EtM2pwM84AAz_s
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 months ago
Low
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecure
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1nM2hoLXE1NWYtOWczd84AAzvf
RuoYi Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xZmM1LTZyM2otamoyMs4AAzmA
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS12NWd3LW13N2YtODRweM4AAzXu
Starlette has Path Traversal vulnerability in StaticFiles
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS1ncXhyLWh2cnctNmhmaM4AAzWv
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zcDRnLXJjdzUtODI5OM4AAzUC
etcd Key name can be accessed via LeaseTimeToLive API
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 months ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 12 months ago
Low
GSA_kwCzR0hTQS1md2o0LTcyZm0tYzkzZ84AAzGI
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Ecosystems: go
Packages: github.com/mutagen-io/mutagen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decorator
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mZ3hqLWc3eDMtODVjcc4AAzA6
Stored cross site scripting in RSS displayer
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 12 months ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 12 months ago
Low
GSA_kwCzR0hTQS13OW1yLTI4bXctajhoZ84AAy-4
Hop-by-hop abuse to malform header mutator
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: almost 1 year ago
Low
GSA_kwCzR0hTQS03eDZxLTN2M20tY3dqZ84AAy8N
kiwi TCMS has possibility for user to update email address to unverified one
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xNTVjLWhtcGYtNmgyZ84AAy4x
AzuraCast/AzuraCast vulnerable to cross-site scripting
Ecosystems: packagist
Packages: azuracast/azuracast
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMjZnLTk3bTQtNnE3Y84AAy3M
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xOWhtLWhyODktaGdtN84AAyuh
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nNDcyLWY4Y20tOHg1Zs4AAyuN
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jMzN3LTI0cDktOG0yNM4AAygl
configobj ReDoS exploitable by developer using values in a server-side configuration file
Ecosystems: pypi
Packages: configobj
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOGNnLXhjMnAtcjNmY84AAydr
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yNHd2LW12NW0teHY0aM4AAyUq
redis-py Race Condition vulnerability
Ecosystems: pypi
Packages: redis
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13cDcyLTdoajktNTI2Nc4AAyUI
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oMndnLTgzZmMteHZtOc4AAyMw
Answer vulnerable to Business Logic Errors
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG
Information disclosure through error stack traces related to agents
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ZnF2LW1wajgtaDdnbc4AAx5N
Lemur subject to insecure random generation
Ecosystems: pypi
Packages: lemur
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02cThtLTQycXEtNjRyN84AAx4s
Imperative CLI vulnerable to Command Injection
Ecosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qNzVyLXZmNjQtNnJyaM4AAxzY
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive-common
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tYzhoLThxOTgtZzVocs4AAxzW
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: remove_dir_all
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1weDZ2LTZqaGYtajQ2cs4AAxqD
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:synopsys-coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1weDhoLTZxeHYtbTIycc4AAxpo
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMmdtLWZmcjMtdzJ4d84AAxfS
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mamo0LTJxNzMtanZnY84AAxfR
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNGc0LXdncmgtcXJnMs4AAxeb
Panic due to malformed WALs in go.etcd.io/etcd
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS12cTIzLWh3ZzctaHhyaM4AAwfq
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Ecosystems: nuget
Packages: EnumStringValues
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Statistics
Advisories: 17,859
Packages: 8,198
Repositories: 429
Ecosystems: 12
Filter by Severity
Moderate 7,671 High 6,206 Critical 2,736 Low 964
Filter by Ecosystem
pypi 429 maven 277 packagist 170 npm 127 go 116 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 phpmyadmin/phpmyadmin 10 typo3/cms 10 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 vyper 7 matrix-synapse 7 puppet 6 Umbraco.CMS 6 rack 6 helm.sh/helm/v3 5 org.keycloak:keycloak-services 5 october/backend 5 ansible 5 k8s.io/kubernetes 5 undici 5 sweetalert2 5 wasmtime 5 baserproject/basercms 5 actionpack 4 simplesamlphp/simplesamlphp 4 github.com/cilium/cilium 4 helm.sh/helm 4 github.com/mattermost/mattermost-server/v6 4 typo3/cms-core 4 shopware/shopware 4 electron 4 magento/community-edition 4 com.vaadin:flow-server 4 com.vaadin:vaadin-bom 3 passenger 3 go.etcd.io/etcd 3 org.apache.hive:hive 3 bin-links 3 plone 3 @openzeppelin/contracts-upgradeable 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 org.graylog2:graylog2-server 3 ckb 3 nautobot 3 symfony/symfony 3 ethyca-fides 3 node-forge 3 github.com/cosmos/cosmos-sdk 3 cryptography 3 github.com/hashicorp/nomad 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 gilacms/gila 2 org.jenkins-ci.plugins:ec2 2 Pillow 2 @apollo/server 2 @openzeppelin/contracts 2 github.com/opencontainers/runc 2 org.apache.activemq:activemq-parent 2 craftcms/cms 2 tools.devnull:build-notifications 2 github.com/answerdev/answer 2 silverstripe/framework 2 next-auth 2 github.com/authzed/spicedb 2 org.jenkins-ci.plugins:azure-ad 2 winter/wn-backend-module 2 braces 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 org.jenkins-ci.plugins:mercurial 2 Flask-Security-Too 2 node-ipc 2 tuf 2 pip 2 typo3/cms-frontend 2 OctoPrint 2 grumpydictator/firefly-iii 2 com.ruoyi:ruoyi 2 aiohttp 2 org.xwiki.platform:xwiki-platform-oldcore 2 symfony/security-http 2 october/cms 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 github.com/cometbft/cometbft 2 flarum/core 2 go.etcd.io/etcd/client/v3 2 org.jenkins-ci.plugins:repository-connector 2 langchain 2 s2n-quic 2 cargo 2 github.com/ntbosscher/gobase 2 org.jenkins-ci.plugins:artifactory 2 sylius/sylius 2 django 2 vantage6 2 Zope 2 parse-server 2 Flask-AppBuilder 2 wagtail 2 activesupport 2 microweber/microweber 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 org.jenkins-ci.plugins:wso2id-oauth 2 org.eclipse.jetty:jetty-server 2 github.com/mattermost/mattermost-plugin-jira 2 httplib2 2 github.com/Masterminds/goutils 1 io.swagger:swagger-codegen 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 @liquity/contracts 1 hyper 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 es5-ext 1 io.jenkins.plugins:tuleap-oauth 1 fast-xml-parser 1 github.com/nats-io/nats-server/v2 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/oauth2-proxy/oauth2-proxy 1 wiremock 1 horizon 1 @diez/generation 1 org.jenkins-ci.plugins:openshift-deployer 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.keycloak:keycloak-core 1 org.scala-sbt:sbt 1 org.wiremock:wiremock 1 org.scala-sbt:io_2.12 1 org.wiremock:wiremock-standalone 1 rabbit_common 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_3 1 org.jenkins-ci.plugins:snsnotify 1 zod 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 transformers 1 @node-red/runtime 1 org.springframework.cloud:spring-cloud-contract-shade 1 io.jenkins.plugins:frugal-testing 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 github.com/containers/podman/v4 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/vyperlang/vyper 7 https://github.com/eclipse/jetty.project 7 https://github.com/matrix-org/synapse 7 https://github.com/octobercms/october 7 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/keycloak/keycloak 6 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/kubernetes/kubernetes 5 https://github.com/helm/helm 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/baserproject/basercms 5 https://github.com/ansible/ansible 5 https://github.com/nodejs/undici 5 https://github.com/jenkinsci/jenkins 5 https://github.com/puppetlabs/puppet 5 https://github.com/TYPO3/typo3 4 https://github.com/vaadin/platform 4 https://github.com/apache/tomcat 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/symfony/symfony 3 https://github.com/ethyca/fides 3 https://github.com/nervosnetwork/ckb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/nautobot/nautobot 3 https://github.com/digitalbazaar/forge 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/ntbosscher/gobase 2 https://github.com/parse-community/parse-server 2 https://github.com/httplib2/httplib2 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/GilaCMS/gila 2 https://github.com/octoprint/octoprint 2 https://github.com/microweber/microweber 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/sigstore/cosign 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/wagtail/wagtail 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Sylius/Sylius 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/openstack/keystone 2 https://github.com/cometbft/cometbft 2 https://github.com/authzed/spicedb 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/opencontainers/runc 2 https://github.com/aio-libs/aiohttp 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/zopefoundation/Zope 2 https://github.com/flarum/framework 2 https://github.com/quarkusio/quarkus 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/aws/s2n-quic 2 https://github.com/craftcms/cms 2 https://github.com/pypa/pip 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/rust-lang/cargo 2 https://github.com/micromatch/braces 2 https://github.com/aedart/ion 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/onionshare/onionshare 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/octokit/octokit.rb 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/go-gitea/gitea 1 https://github.com/brefphp/bref 1 https://github.com/tendermint/tendermint 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/spinacms/spina 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/elastic/apm-agent-go 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/personnummer/go 1 https://github.com/admidio/admidio 1 https://github.com/http4s/http4s 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/jenkinsci/azure-ad-plugin 1 https://github.com/Archomeda/Gw2Sharp 1 https://github.com/BohdanPetryshyn/basti 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/openstack/nova 1 https://github.com/arguiot/EyeJS 1 https://github.com/derbyjs/derby 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/npm/npm 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/jenkinsci/repo-plugin 1 https://github.com/octokit/octopoller.rb 1 https://github.com/Bouke/django-user-sessions 1 https://github.com/snipe/snipe-it 1 https://github.com/matrix-org/matrix-appservice-irc 1 https://github.com/zestedesavoir/zmarkdown 1 https://github.com/plannigan/hyper-bump-it 1 https://gitlab.com/edneville/please 1 https://github.com/hyperledger-archives/ursa 1 https://github.com/gradle/gradle 1 https://github.com/jenkinsci/aws-device-farm-plugin 1 https://github.com/gogs/gogs 1 https://github.com/personnummer/java 1 https://github.com/gsemac/Gsemac.Common 1 https://github.com/parallaxsecond/parsec 1 https://github.com/karmada-io/karmada 1 https://github.com/python-pillow/Pillow 1 https://github.com/bcgit/bc-java 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/tokio-rs/tokio 1 https://github.com/waycrate/swhkd 1 https://github.com/ConsenSys/discovery 1 https://github.com/personnummer/dart 1 https://github.com/magento/magento2 1 https://github.com/jaraco/keyring 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/alex/rply 1 https://github.com/line/armeria 1 https://github.com/argoproj/argo-workflows 1 https://github.com/visionmedia/debug 1 https://github.com/containers/podman 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/node-js-libs/cli 1 https://github.com/disintegration/imaging 1 https://github.com/mapfish/mapfish-print 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/Consensys/gnark-crypto 1