Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1wcHg1LXEzNTktcHZ3as4AA7UK
vyper's range(start, start + N) reverts for negative numbers
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS14Y2hxLXc1cjMtNHdnM84AA7UJ
vyper performs incorrect topic logging in raw_log
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS1yNTZ4LWo0Mzgtdnc1bc4AA7UI
vyper performs double eval of the slice args when buffer from adhoc locations
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS0zd2hxLTY0cTItcWZqNs4AA7UH
vyper performs double eval of raw_args in create_from_blueprint
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS1tMnY5LXczNzQtNWhqOc4AA7UG
vyper default functions don't respect nonreentrancy keys
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS01anJqLTUyeDgtbTY0aM4AA7UF
vyper performs double eval of the argument of sqrt
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS03ajdqLTY2Y3YtbTIzOc4AA7UD
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Jberet: jberet-core logging database credentials
Ecosystems: maven
Packages: org.jberet:jberet-core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1tdjY0LTg2ZzgtY3FxN84AA7Tz
Quarkus: security checks in resteasy reactive may trigger a denial of service
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS0yNXc0LWhmcWctNHI1Ms4AA7T0
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Ecosystems: maven
Packages: io.quarkus:quarkus-resteasy-reactive-common, io.quarkus:quarkus-resteasy-reactive-common-deployment
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1jM3d2LXFtamotNDVyNs4AA7S8
Information disclosure in podman
Ecosystems: go
Packages: github.com/containers/podman/v2
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1yNzZnLWc4N2Ytdnc4Zs4AA7Sk
Kubelet Incorrect Privilege Assignment
Ecosystems: go
Packages: k8s.io/kubernetes/cmd/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS01eGZnLXd2OTgtMjY0bc4AA7Sj
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS01eDk2LWo3OTctNXFxd84AA7Si
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS01NXFqLWdqM3gtanE5cs4AA7Sg
Denial of service in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes/pkg/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0zM2M1LTlmeDUtZnZqbc4AA7Sf
Privilege Escalation in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yODdmLTQ2ajctajR3aM4AA7R8
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Ecosystems: nuget
Packages: Plumber.Workflow, Umbraco.Workflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS12andnLTI4Z3YtcG04aM4AA7R7
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles do not escaped in internal render hooks
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1ycWd2LTI5MnYtNXFncs4AA7QK
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zbXBmLXJjYzctNTM0N84AA7QJ
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tdzgyLTZtMmctcWg2Y84AA7PU
Sylius Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0ybW03LXg1aDYtNXB2cc4AA7PS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC
Apache Answer: XSS vulnerability when changing personal website
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1teDNwLWZocHcteDZyds4AA7NP
TCPDF vulnerable to Regular Expression Denial of Service
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfaces
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qNjI4LXE4ODUtOGdyNc4AA7I-
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Blind SSRF Leads to Port Scan by using Webhooks
Ecosystems: nuget
Packages: Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yNTJoLWZqbTctOTNqOM4AA7I0
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: com.blazemeter.plugins:BlazeMeterJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespaces
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1tcjgyLThqODMtdnhtds4AA6-j
Pydantic regular expression denial of service
Ecosystems: pypi
Packages: pydantic
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12aDJtLTIyeHgtcTk0Zs4AA6-B
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Ecosystems: nuget
Packages: OpenTelemetry.Instrumentation.AspNetCore, OpenTelemetry.Instrumentation.Http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03OXZ2LXZwMzItZ3BwN84AA68L
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Ecosystems: maven
Packages: org.apache.kafka:kafka-metadata
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leaked
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1qMnI2LXI5MjktdjZnZs4AA63s
XWiki Platform CSRF in the job scheduler
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12NzgyLXhyNHctM3ZxeM4AA63m
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q
mysql2 cache poisoning vulnerability
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p
mysql2 vulnerable to Prototype Poisoning
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1xbXIzLTUyeGYtd21oeM4AA6yr
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS13dnhjLTg1NWYtanZyds4AA6y0
Azure Identity Library for .NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Azure.Identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1ycnZmLTV3NHItM3g3ds4AA6wc
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-interpreter
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1nNDRtLXg1aDctZnI1cc4AA6wa
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS02NjIzLWM2bXItNjczN84AA6vz
Apache Zeppelin: Denial of service with invalid notebook name
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1tNjVjLXdtdzktdm1wcM4AA6v0
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1ycjU5LWg2cmgtdjg0ds4AA6vw
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Ecosystems: maven
Packages: org.apache.zeppelin:sap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1wcnZnLXJoNWgtNzRqcs4AA6vx
Apache Zeppelin CSRF vulnerability in the Credentials page
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-web
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1nNjRyLXhmMzktcTRwNc4AA6vv
Apache Zeppelin Path Traversal vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1yOTU2LTI1NTMtdnZocs4AA6sD
React Native Sms User Consent Intent Redirection Vulnerability
Ecosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo
Grafana: Users outside an organization can delete a snapshot with its key
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0ycDJ4LXA3d2otajVoMs4AA6qU
PsiTransfer: File integrity violation
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV
PsiTransfer: Violation of the integrity of file distribution
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1xNmNwLXFmd3EtNGdjds4AA6qI
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any user
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB
Mattermost Server doesn't limit the number of user preferences
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS13Njd2LXBoNHgtZjQ4cc4AA6p_
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Mattermost fails to authenticate the source of certain types of post actions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS00djd4LXBxeGYtY3g3bc4AA6pf
net/http, x/net/http2: close connections when receiving too many headers
Ecosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 22 days ago
Statistics
Advisories: 18,139
Packages: 8,241
Repositories: 2,424
Ecosystems: 12
Filter by Severity
Moderate 7,815 High 6,287 Critical 2,787 Low 966
Filter by Ecosystem
maven 2,546 packagist 2,135 pypi 1,652 npm 1,055 go 865 nuget 537 rubygems 371 cargo 260 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 243 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 49 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 39 drupal/core 35 showdoc/showdoc 34 concrete5/concrete5 34 plone 34 librenms/librenms 32 ansible 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 symfony/symfony 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 drupal/drupal 27 craftcms/cms 26 com.liferay.portal:release.portal.bom 25 silverstripe/framework 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 github.com/grafana/grafana 23 Plone 22 baserproject/basercms 22 github.com/answerdev/answer 21 k8s.io/kubernetes 20 org.apache.struts:struts2-core 20 grumpydictator/firefly-iii 19 shopware/platform 18 froxlor/froxlor 18 shopware/shopware 18 matrix-synapse 18 rdiffweb 18 nilsteampassnet/teampass 18 remdex/livehelperchat 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 vyper 15 github.com/argoproj/argo-cd/v2 14 nokogiri 14 yetiforce/yetiforce-crm 14 puppet 14 prestashop/prestashop 14 com.jfinal:jfinal 13 mautic/core 13 shopware/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 Pillow 13 io.undertow:undertow-core 13 org.xwiki.platform:xwiki-platform-oldcore 13 tribalsystems/zenario 12 github.com/hashicorp/vault 12 github.com/hashicorp/consul 12 org.apache.solr:solr-core 12 github.com/goharbor/harbor 12 tinymce 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 nova 12 github.com/docker/docker 12 DotNetNuke.Core 11 genix/cms 11 org.keycloak:keycloak-parent 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 getgrav/grav 11 github.com/hashicorp/nomad 11 github.com/cilium/cilium 11 org.eclipse.jetty:jetty-server 10 wallabag/wallabag 10 salt 10 pyftpdlib 10 ec-cube/ec-cube 10 org.springframework:spring-core 10 PaddlePaddle 10 github.com/ethereum/go-ethereum 10 notebook 10 @openzeppelin/contracts 10 @openzeppelin/contracts-upgradeable 10 helm.sh/helm/v3 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 org.apache.jspwiki:jspwiki-war 10 lavalite/cms 10 org.springframework.security:spring-security-core 10 neutron 10 fat_free_crm 10 contao/core-bundle 10 github.com/containerd/containerd 10 github.com/greenpau/caddy-security 10 org.apache.nifi:nifi 10 activesupport 10 joplin 10 typo3/cms-backend 10 org.igniterealtime.openfire:parent 9 glance 9 publify_core 9 ghost 9 org.mortbay.jetty:jetty 9 angular 9 rack 9 code.gitea.io/gitea 9 org.opencrx:opencrx-core-models 9 rubygems-update 9 ckeditor4 9 zendframework/zendframework1 9 directus 9 TinyMCE 9 swagger-ui 9 org.jenkins-ci.plugins:git 9 gogs.io/gogs 9 tinymce/tinymce 9 jquery-rails 9 cakephp/cakephp 9 actionview 8 org.opencms:opencms-core 8 github.com/openfga/openfga 8 centreon/centreon 8 simplesamlphp/simplesamlphp 8 wasmtime 8 org.apache.activemq:activemq-client 8 org.jenkins-ci.plugins:script-security 8 Microsoft.ChakraCore 8 silverstripe/cms 8 org.bouncycastle:bcprov-jdk14 8 org.jenkins-ci.plugins:electricflow 8 bolt/bolt 8 org.apache.archiva:archiva 8 electron 8 github.com/kubeedge/kubeedge 8 impresscms/impresscms 8 contao/contao 8 rails 8 editor.md 8 rails-html-sanitizer 8 Django 8 bootstrap 8 opencv-python 8 opencv-contrib-python 8 org.webjars.npm:jquery 8 jquery 8 jquery-ui-rails 7 admidio/admidio 7 org.webjars.npm:jquery-ui 7 org.apache.james:james-server 7 org.opennms:opennms 7 aiohttp 7 io.jenkins.blueocean:blueocean 7 org.jenkins-ci.plugins:config-file-provider 7 jQuery.UI.Combined 7 org.apache.cxf:cxf-core 7 org.jenkins-ci.plugins:email-ext 7 validator 7 kevinpapst/kimai2 7 vantage6 7 github.com/mattermost/mattermost-server 7 sylius/sylius 7 org.apache.santuario:xmlsec 7 OctoPrint 7 jquery-ui 7 modoboa 7 wagtail 7 next 7 moin 7 github.com/moby/moby 7 activerecord 7 io.jenkins:configuration-as-code 7 github.com/google/fscrypt 7 pyload-ng 7 phpbb/phpbb 7 silverstripe/admin 7 com.vaadin:flow-server 7 jQuery 7 phpmyfaq/phpmyfaq 7 org.bouncycastle:bcprov-jdk15on 7 org.bouncycastle:bcprov-jdk15 7 org.jenkins-ci.plugins:subversion 7 org.owasp.antisamy:antisamy 7 dompdf/dompdf 6 org.apache.tika:tika 6 org.apache.struts.xwork:xwork-core 6 pimcore/admin-ui-classic-bundle 6 org.jenkins-ci.plugins:jobConfigHistory 6 github.com/traefik/traefik/v2 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 28 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/craftcms/cms 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/spring-projects/spring-framework 21 https://github.com/answerdev/answer 21 https://github.com/snipe/snipe-it 20 https://github.com/concretecms/concretecms 19 https://github.com/apache/activemq 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/livehelperchat/livehelperchat 18 https://github.com/ikus060/rdiffweb 18 https://github.com/argoproj/argo-cd 18 https://github.com/grafana/grafana 18 https://github.com/matrix-org/synapse 17 https://github.com/python-pillow/Pillow 17 https://github.com/apache/struts 17 https://github.com/shopware/platform 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/CVEProject/cvelist 15 https://github.com/vyperlang/vyper 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/froxlor/froxlor 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/getkirby/kirby 13 https://github.com/mautic/mautic 13 https://github.com/octobercms/october 13 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/netty/netty 12 https://github.com/apache/cxf 12 https://github.com/tinymce/tinymce 12 https://github.com/goharbor/harbor 12 https://github.com/PrestaShop/PrestaShop 11 https://github.com/forkcms/forkcms 11 https://github.com/cilium/cilium 11 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/jquery/jquery 10 https://github.com/containerd/containerd 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/liufee/cms 10 https://github.com/vaadin/platform 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/baserproject/basercms 10 https://github.com/helm/helm 10 https://github.com/laurent22/joplin 10 https://github.com/greenpau/caddy-security 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/electron/electron 9 https://github.com/puppetlabs/puppet 9 https://github.com/publify/publify 9 https://github.com/geoserver/geoserver 9 https://github.com/strapi/strapi 9 https://github.com/github/advisory-database 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/apache/nifi 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/rails/rails-html-sanitizer 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/pandao/editor.md 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/bcgit/bc-java 8 https://github.com/hashicorp/consul 8 https://github.com/LavaLite/cms 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/openfga/openfga 8 https://github.com/wallabag/wallabag 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/kubeedge/kubeedge 8 https://github.com/eclipse/jetty.project 8 https://github.com/getgrav/grav 8 https://github.com/TryGhost/Ghost 8 https://github.com/rubygems/rubygems 8 https://github.com/jupyter/notebook 8 https://github.com/directus/directus 8 https://github.com/hashicorp/vault 7 https://github.com/mattermost/mattermost 7 https://github.com/opencv/opencv 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/google/fscrypt 7 https://github.com/nahsra/antisamy 7 https://github.com/vaadin/flow 7 https://github.com/aio-libs/aiohttp 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/traefik/traefik 7 https://github.com/pyload/pyload 7 https://github.com/dolibarr/dolibarr 7 https://github.com/twbs/bootstrap 7 https://github.com/vantage6/vantage6 7 https://github.com/gogs/gogs 7 https://github.com/wagtail/wagtail 7 https://github.com/kevinpapst/kimai2 7 https://github.com/saltstack/salt 7 https://github.com/apache/zeppelin 7 https://github.com/modoboa/modoboa 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/rack/rack 7 https://github.com/backstage/backstage 6 https://github.com/urllib3/urllib3 6 https://github.com/opensearch-project/security 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/croogo/croogo 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/panva/jose 6 https://github.com/parse-community/parse-server 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/cloudflare/cfrpki 6 https://github.com/igniterealtime/Openfire 6 https://github.com/opencast/opencast 6 https://github.com/oroinc/orocommerce 6 https://github.com/neorazorx/facturascripts 6 https://github.com/containers/podman 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/onionshare/onionshare 6 https://github.com/dotnet/runtime 6 https://github.com/cui2shark/security 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/dompdf/dompdf 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/cubefs/cubefs 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/jquery/jquery-ui 6 https://github.com/yiisoft/yii2 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/lief-project/LIEF 5 https://github.com/hashicorp/nomad 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/kivikakk/comrak 5 https://github.com/vapor/vapor 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/admidio/admidio 5 https://github.com/lxml/lxml 5 https://github.com/cloudfoundry/uaa 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/lucene-solr 5 https://github.com/unshiftio/url-parse 5 https://github.com/openstack/keystone 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/centreon/centreon-archived 5 https://github.com/Amanieu/parking_lot 5 https://github.com/undertow-io/undertow 5 https://github.com/sulu/sulu 5 https://github.com/rancher/rancher 5 https://github.com/apache/tika 5 https://github.com/cri-o/cri-o 5 https://github.com/hyperium/hyper 5 https://github.com/paritytech/frontier 5 https://github.com/bolt/bolt 5 https://github.com/d4wner/Vulnerabilities-Report 5 https://github.com/Sylius/Sylius 5 https://github.com/etcd-io/etcd 5 https://github.com/puma/puma 5 https://github.com/numpy/numpy 5 https://github.com/apache/superset 5 https://github.com/opencontainers/runc 5 https://github.com/quarkusio/quarkus 5 https://github.com/evershopcommerce/evershop 5 https://github.com/semplon/GeniXCMS 5 https://github.com/apache/dolphinscheduler 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/vercel/next.js 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/kylin 5 https://github.com/ipython/ipython 5 https://github.com/nodejs/undici 5 https://github.com/xuxueli/xxl-job 5 https://github.com/jenkinsci/electricflow-plugin 5