Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Moderate
GSA_kwCzR0hTQS00ZjQ4LXFwY2gtNHBweM4AAxZ5
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1xM2M4LTY1cTctOXY3OM4AAxZt
Cross site scripting in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1yd2h3LTZjNnItMjgyM84AAxZ3
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tcnF4LW1qYzQtdmZoM84AAxYc
wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1xd3g4LW14eHgtbWc5Ns4AAxYb
wallabag contains Improper Authorization via export feature
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02MjZxLXY5ajQtbWNwNM4AAxYW
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: openzeppelin-cairo-contracts
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xMmpmLWg5am0tbTdwNM4AAxVW
Django contains Uncontrolled Resource Consumption via cached header
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO
Symfony storing cookie headers in HttpCache
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0yMmo0LXFjNDgtajhmOM4AAxUh
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1oNDVmLXJqdnctMnJ2Ms4AAxUc
Withdrawn: wallabag subject to Improper Authorization
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xOXA1LXcydjktNnd4Zs4AAxUe
Apache InLong contains Out-of-bounds Read vulnerability
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14cnczLXdxcGgtM2Z4Z84AAxUd
Withdrawn: wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wajk3LXI4M3Ytdmo3Zs4AAxT0
Microweber contains Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12cDJ4LTNtYzMtM2NqNM4AAxTK
Path traversal in ubi-reader
Ecosystems: pypi
Packages: ubi-reader
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yeDc2LXh3MzUtNnJoOM4AAxTJ
Apache Linkis vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-
http-cache-semantics vulnerable to Regular Expression Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:http-cache-semantics, http-cache-semantics
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yNGhnLTRjcHEtcTU3Y84AAxS9
jSuites subject to Cross-site Scripting
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1wcDR3LTl4ODItNnI0N84AAxRm
Apache IoTDB contains Improper Authentication
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS12cXFtLWM5Z3gtNzczcc4AAxPr
Froxlor contains Business Logic Errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13N3c0LXFqZ2ctMzcyeM4AAxPp
Froxlor contains Static Code Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0zY2h3LThqcTItdzc2Oc4AAxPn
Froxlor contains Unchecked Error Condition
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0zNmZoLTg0ajctY3Y1aM4AAxPh
JSZip contains Path Traversal via loadAsync
Ecosystems: npm
Packages: jszip
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wbTcyLTI3bWctZmMyOM4AAxPg
Froxlor contains Weak Password Requirements
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS05bXE0LTk1NTYtNnF4cc4AAxPf
NYUCCL psiTurk vulnerable to Improper Neutralization of Special Elements
Ecosystems: pypi
Packages: psiTurk
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
safeurl-python contains Server-Side Request Forgery
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX
Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zcDczLW1tN3YtNGY2bc4AAxOW
DoS vulnerability in MaliciousCode filter
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13Y202LXd2OTUtN2p3Ns4AAxNP
Cross-site Scripting in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qOHg3LXFjdzQteHg4Nc4AAxM5
Cross-site Scripting (XSS) in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zcHByLTcyeDUteDY3cc4AAxKF
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:mstest
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS01eHBjLWM0eHYtN3c2Ms4AAxJS
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:pwauth
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xZ2pxLWhyaGctZjI0aM4AAxJr
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jY2Y0LTloamMteHhjNM4AAxJz
Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04N3JoLXdjODUteHF2Y84AAxJ9
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02ajI3LTN4ZnctY2oyd84AAxJ_
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tajYyLW02M3gtbWg4NM4AAxJy
Open redirect vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yM2dtLWp3ZjQteGd2Ms4AAxJ7
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1oY3ZmLXBmcm0tanhnZs4AAxJt
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark-notifier-plugin
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00eDY1LTRmangtcjdtNs4AAxJ4
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-pr-coverage-status
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02aHc3LXg4NnYtd3JnZs4AAxJp
Passwords stored in plain text by Jenkins view-cloner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view-cloner
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05andoLXF2ZzctZ3I1Oc4AAxJ0
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS14cjhoLXdqNHYtcng3Zs4AAxJR
Missing permission check in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02ODVqLTM2cXgtM3ZwMs4AAxJ2
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0yanB4LWg4ajItZzhtNM4AAxJW
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05NWpxLTI0Y3ItcGdycc4AAxJV
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Ecosystems: maven
Packages: com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1wY2MyLXc2bTgteDV3NM4AAxJ6
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04bW1oLWg0amgtMmczNM4AAxJP
Path Traversal in Jenkins visualexpert Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:visualexpert
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02N3c0LXc4NzctanYyOc4AAxJq
Missing permission check in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05d3JyLTRyOXYtMjZ4Y84AAxJe
CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zdzl3LTk4MzMtZ2Nwds4AAxJI
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Ecosystems: nuget
Packages: directxtex_uwp, directxtex_desktop_win10, directxtex_desktop_2019, directxtex_desktop_2017
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04ZmNqLWdmNzctNDdtZ84AAxJB
Denial of service (DoS) when processing Git credentials
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xNzY0LWc2Zm0tNTU1ds4AAxIk
Path traversal in spotipy
Ecosystems: pypi
Packages: spotipy
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS05YzY0LXgzY3gtdmdtbc4AAxIH
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0yeDQ4LXA2Y3EtNXhjd84AAxHY
Path Traversal in github.com/go-sonic/sonic
Ecosystems: go
Packages: github.com/go-sonic/sonic
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1tNGNoLXJmdjUteDVnM84AAxHC
git2-rs fails to verify SSH keys by default
Ecosystems: cargo
Packages: git2, libgit2-sys
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03cDhtLTIyaDQtOXBqN84AAxG4
scs-library-client may leak user credentials to third-party service via HTTP redirect
Ecosystems: go
Packages: github.com/sylabs/scs-library-client
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS02dmY2LWczcHItajgzaM4AAxFw
pimcore is vulnerable to cross-site scripting via "title field" in data objects
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1obTdmLXJxN3Etajl4cM4AAxFC
@builder.io/qwik vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1nMjk4LTU5cGctOTNoN84AAxEv
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12OWdqLTVyZ3AtdzMzcs4AAxEi
Modoboa is vulnerable to Cross-Site Request Forgery
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04OTRjLXJnN2YtM2M2Ms4AAxAt
pgAdmin 4 Open Redirect vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1jaGdjLXJxanItNDZnZ84AAxAo
Cross Site Scripting in simplesamlphp-module-openidprovider
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openidprovider
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS05Zjg4LXdnNXItOTQ3as4AAw_i
Apache Superset vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03OXg1LWN2NzktNDlyas4AAw_k
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1jeHZwLTNmcm0tMzg3Ns4AAw_h
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1mcG1yLXFtZ2gtNDJ4Ms4AAw_p
Apache Superset vulnerable to Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS04ZjVqLW1neDktNWhtNc4AAw_n
Apache Superset has Improper Access Control
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1mY2c0LXBtNmgtOXh4Ms4AAw_q
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS14cDNnLTI3MjktcnhtM84AAw_b
Froxlor is vulnerable to path traversal
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS13NDc1LTc0OWgtYzc3bc4AAw_U
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago