Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Browse all Security Advisories for Moderate

Moderate
GSA_kwCzR0hTQS0zd3d4LTYzZnYtcGZxNs4ABAhN
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 5 hours ago
Moderate
GSA_kwCzR0hTQS03dmZoLWNxcGMtNDI2N84ABAbj
Security Update for the OPC UA .NET Standard Stack
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core, OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00cW00LThoZzItZzJ4bc4ABAZj
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Ecosystems: nuget
Packages: MessagePack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1jcm1qLXFoNzQtMnIzNs4ABAYy
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1nOXhtLTc1MzgtbXE4d84ABAYx
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0zN2dtLWg1d3ItcGYyNc4ABAWF
Path traversal in redaxo
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14NzZ3LTZ2anItOHhnas4ABATe
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH
Infinite loop in github.com/gomarkdown/markdown
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS04anBnLTYyamMtaHdocs4ABATC
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration time
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS02MzJxLTc3cWotYzg5cc4ABABg
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1yOHc4LTc0d3ctajR3aM4ABABe
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13OXh2LXFmOTgtY2NxNM4ABABd
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1jNmN3LWc3ZmMtNGd3Y84ABAA2
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Ecosystems: packagist
Packages: lara-zeus/artemis, lara-zeus/dynamic-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12NjZnLXA5eDYtdjk4cM4ABAA1
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qcXZtLTl4bTItZ2MzOM4AA_9-
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: mediawiki/cargo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1xODk4LWZyd3EtZjNxcM4AA_9p
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Ecosystems: packagist
Packages: dev-lancer/minecraft-motd-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Ecosystems: pypi
Packages: ironic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS13d2NwLTI2d2MtM2Z4bc4AA_86
JSON-lib mishandles an unbalanced comment string
Ecosystems: maven
Packages: org.kordamp.json:json-lib-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS01OTNtLTU1aGgtajhnds4AA_74
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Ecosystems: npm
Packages: @sentry/browser
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS02Nzg0LTljODItdnI4Nc4AA_73
Injection of arbitrary HTML/JavaScript code through the media download URL
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS0yNTV3LTg3cmgtcmc0NM4AA_72
Cross-site Scripting via uploaded SVG
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS14d2dqLXZwbTktcTJycc4AA_71
Vulnerable juju introspection abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04djR3LWY0cjktN2g2eM4AA_70
Vulnerable juju hook tool abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1xYzR2LXhxMm0tNjV3Y84AA_7x
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Ecosystems: npm
Packages: @backstage/plugin-app-backend
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1taDk4LTc2M2gtbTl2NM4AA_7w
JUJU_CONTEXT_ID is a predictable authentication secret
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1xdnF2LW1jeHIteDhxd84AA_7h
Slim Select has potential Cross-site Scripting issue
Ecosystems: npm
Packages: slim-select
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS00eHF2LTQ3cm0tMzdtbc4AA_7R
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Ecosystems: npm, rubygems
Packages: @openc3/tool-common, openc3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS12Zmo4LTVwajctMmY5Z84AA_7P
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1wajk1LXBoNHEtNHFtNM4AA_6u
Jenkins exposes multi-line secrets through error messages
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1mOXFqLTc3cTItaDVjNc4AA_6r
Jenkins item creation restriction bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS02Mmp2LWo0dzctNWhoOM4AA_6s
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS12eDNoLXF3cXctcjJ3cc4AA_6p
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1yMmp3LWM5NXEtcmoyOc4AA_6I
cocoon Reuses a Nonce, Key Pair in Encryption
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS00andjLXcyaGMtNzhxds4AA_6F
Tonic has remotely exploitable denial of service vulnerability
Ecosystems: cargo
Packages: tonic
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1maHFxLThmNjUtNXhmY84AA_6C
Improper Input Validation in Buildah and Podman
Ecosystems: go
Packages: github.com/containers/podman/v4, github.com/containers/podman/v3, github.com/containers/podman/v2, github.com/containers/podman, github.com/containers/podman/v5, github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1tYzc2LTU5MjUtYzVwNs4AA_5_
Link Following in github.com/containers/common
Ecosystems: go
Packages: github.com/containers/common
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS14dzMyLTY0MjItZnJxbc4AA_5f
Pagekit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1xd3JxLXZ4dnctNTM3cs4AA_4l
git-shallow-clone OS Command Injection vulnerability
Ecosystems: npm
Packages: git-shallow-clone
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS02MnIyLWdjeHItNDI2eM4AA_31
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Ecosystems: packagist
Packages: starcitizentools/citizen-skin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1oNXEzLWZqcDQtMng3cs4AA_3z
MantisBT vulnerable to information disclosure with user profiles
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 21 days ago
Statistics
Advisories: 20,351
Packages: 8,931
Repositories: 2,678
Ecosystems: 12
Filter by Package
moodle/moodle 262 tensorflow 207 tensorflow-gpu 203 tensorflow-cpu 201 magento/community-edition 132 typo3/cms 119 org.jenkins-ci.main:jenkins-core 117 org.apache.tomcat:tomcat 91 pimcore/pimcore 86 typo3/cms-core 72 microweber/microweber 65 silverstripe/framework 64 dolibarr/dolibarr 55 apache-airflow 53 phpmyadmin/phpmyadmin 50 drupal/core 48 thorsten/phpmyfaq 45 github.com/usememos/memos 45 actionpack 44 Django 44 apache-superset 42 drupal/drupal 40 github.com/mattermost/mattermost/server/v8 38 Plone 38 concrete5/concrete5 36 github.com/grafana/grafana 36 org.keycloak:keycloak-core 35 librenms/librenms 35 showdoc/showdoc 34 ansible 32 symfony/symfony 32 moin 30 github.com/mattermost/mattermost-server/v6 30 nova 30 plone 29 craftcms/cms 28 org.elasticsearch:elasticsearch 28 intelliants/subrion 26 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 django 24 k8s.io/kubernetes 22 baserproject/basercms 22 github.com/answerdev/answer 21 grumpydictator/firefly-iii 20 org.apache.struts:struts2-core 20 shopware/platform 19 shopware/shopware 19 mediawiki/core 18 rdiffweb 18 remdex/livehelperchat 18 froxlor/froxlor 18 nilsteampassnet/teampass 18 mautic/core 17 zendframework/zendframework1 17 matrix-synapse 17 keystone 17 github.com/docker/docker 17 org.apache.tomcat.embed:tomcat-embed-core 16 github.com/argoproj/argo-cd/v2 16 glance 16 getkirby/cms 16 directus 16 salt 15 gradio 15 prestashop/prestashop 15 github.com/cilium/cilium 15 org.keycloak:keycloak-services 15 tinymce 14 org.xwiki.platform:xwiki-platform-oldcore 14 yetiforce/yetiforce-crm 14 puppet 14 shopware/core 14 io.undertow:undertow-core 14 nokogiri 14 vyper 14 github.com/hashicorp/vault 14 com.jfinal:jfinal 13 forkcms/forkcms 13 org.apache.jspwiki:jspwiki-main 13 tribalsystems/zenario 13 roundup 12 simplesamlphp/simplesamlphp 12 github.com/goharbor/harbor 12 com.thoughtworks.xstream:xstream 12 contao/core-bundle 12 github.com/hashicorp/consul 12 github.com/hashicorp/nomad 12 
org.eclipse.jetty:jetty-server 11 getgrav/grav 11 rack 11 DotNetNuke.Core 11 github.com/argoproj/argo-cd 11 TinyMCE 11 tinymce/tinymce 11 lavalite/cms 11 ec-cube/ec-cube 11 org.apache.solr:solr-core 11 genix/cms 11 org.springframework.security:spring-security-core 11 org.bouncycastle:bcprov-jdk14 11 feehi/feehicms 11 org.keycloak:keycloak-parent 11 bootstrap 10 org.bouncycastle:bcprov-jdk15on 10 bolt/bolt 10 github.com/mattermost/mattermost-server 10 github.com/containerd/containerd 10 typo3/cms-backend 10 bootstrap 10 @openzeppelin/contracts-upgradeable 10 @openzeppelin/contracts 10 zendframework/zendframework 10 github.com/greenpau/caddy-security 10 silverstripe/cms 10 ghost 10 joplin 10 activesupport 10 org.apache.nifi:nifi 10 opencart/opencart 10 fat_free_crm 10 org.apache.jspwiki:jspwiki-war 10 com.vaadin:vaadin-bom 10 github.com/ethereum/go-ethereum 10 PaddlePaddle 10 wallabag/wallabag 10 ckeditor4 10 francoisjacquet/rosariosis 10 org.springframework:spring-core 10 rubygems-update 9 wagtail 9 publify_core 9 org.jenkins-ci.plugins:git 9 org.igniterealtime.openfire:parent 9 cakephp/cakephp 9 swagger-ui 9 org.mortbay.jetty:jetty 9 github.com/traefik/traefik/v2 9 horizon 9 gogs.io/gogs 9 notebook 9 org.opencms:opencms-core 9 org.opencrx:opencrx-core-models 9 org.webjars:bootstrap 9 code.gitea.io/gitea 9 twbs/bootstrap 9 aiohttp 9 angular 9 bootstrap 9 wasmtime 9 helm.sh/helm/v3 9 pyftpdlib 8 opencv-python 8 Microsoft.ChakraCore 8 github.com/zitadel/zitadel 8 opencv-contrib-python 8 rails-html-sanitizer 8 sylius/sylius 8 rails 8 pimcore/admin-ui-classic-bundle 8 bootstrap.sass 8 centreon/centreon 8 org.jenkins-ci.plugins:script-security 8 impresscms/impresscms 8 laravel/framework 8 electron 8 github.com/kubeedge/kubeedge 8 contao/contao 8 jquery-rails 8 next 8 org.apache.activemq:activemq-client 8 editor.md 8 github.com/openfga/openfga 8 actionview 8 modoboa 8 org.jenkins-ci.plugins:electricflow 8 onionshare-cli 8 github.com/1Panel-dev/1Panel 7 silverstripe/admin 7 org.bouncycastle:bcprov-jdk15to18 7 io.jenkins:configuration-as-code 7 io.jenkins.blueocean:blueocean 7 sulu/sulu 7 org.webjars.npm:jquery 7 jquery 7 cinder 7 phpbb/phpbb 7 vantage6 7 org.jenkins-ci.plugins:subversion 7 jquery-ui 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 com.vaadin:flow-server 7 trytond 7 swift 7 org.apache.santuario:xmlsec 7 admidio/admidio 7 neutron 7 github.com/google/fscrypt 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207
https://github.com/moodle/moodle 167
https://github.com/jenkinsci/jenkins 91
https://github.com/pimcore/pimcore 83
https://github.com/microweber/microweber 61
https://github.com/apache/airflow 53
https://github.com/django/django 53
https://github.com/apache/tomcat 53
https://github.com/TYPO3/typo3 53
https://github.com/silverstripe/silverstripe-framework 47
https://github.com/thorsten/phpmyfaq 45
https://github.com/usememos/memos 45
https://github.com/xwiki/xwiki-platform 43
https://github.com/rails/rails 36
https://github.com/kubernetes/kubernetes 35
https://github.com/librenms/librenms 33
https://github.com/star7th/showdoc 32
https://github.com/keycloak/keycloak 31
https://github.com/ansible/ansible 30
https://github.com/grafana/grafana 30
https://github.com/symfony/symfony 26
https://github.com/spring-projects/spring-framework 23
https://github.com/craftcms/cms 23
https://github.com/argoproj/argo-cd 22
https://github.com/phpmyadmin/phpmyadmin 22
https://github.com/Dolibarr/dolibarr 22
https://github.com/concretecms/concretecms 21
https://github.com/answerdev/answer 21
https://github.com/firefly-iii/firefly-iii 20
https://github.com/magento/magento2 20
https://github.com/plone/Products.CMFPlone 20
https://github.com/snipe/snipe-it 20
https://github.com/apache/activemq 19
https://github.com/openstack/nova 19
https://github.com/ikus060/rdiffweb 18
https://github.com/livehelperchat/livehelperchat 18
https://github.com/apache/struts 17
https://github.com/shopware/platform 17
https://github.com/shopware/shopware 17
https://github.com/mautic/mautic 17
https://github.com/matrix-org/synapse 16
https://github.com/openstack/keystone 15
https://github.com/cilium/cilium 15
https://github.com/CVEProject/cvelist 15
https://github.com/directus/directus 15
https://github.com/OpenNMS/opennms 14
https://github.com/PaddlePaddle/Paddle 14
https://github.com/vyperlang/vyper 14
https://github.com/apache/cxf 14
https://github.com/yetiforcecompany/yetiforcecrm 14
https://github.com/TYPO3/TYPO3.CMS 14
https://github.com/froxlor/froxlor 14
https://github.com/tinymce/tinymce 14
https://github.com/getkirby/kirby 13
https://github.com/x-stream/xstream 13
https://github.com/contao/contao 13
https://github.com/octobercms/october 13
https://github.com/go-gitea/gitea 13
https://github.com/gradio-app/gradio 13
https://github.com/netty/netty 12
https://github.com/PrestaShop/PrestaShop 12
https://github.com/goharbor/harbor 12
https://github.com/saltstack/salt 11
https://github.com/forkcms/forkcms 11
https://github.com/moby/moby 11
https://github.com/mattermost/mattermost 11
https://github.com/ethereum/go-ethereum 10
https://github.com/traefik/traefik 10
https://github.com/laurent22/joplin 10
https://github.com/vaadin/platform 10
https://github.com/strapi/strapi 10
https://github.com/OpenZeppelin/openzeppelin-contracts 10
https://github.com/baserproject/basercms 10
https://github.com/nilsteampassnet/TeamPass 10
https://github.com/intelliants/subrion 10
https://github.com/umbraco/Umbraco-CMS 10
https://github.com/greenpau/caddy-security 10
https://github.com/backstage/backstage 10
https://github.com/github/advisory-database 10
https://github.com/simplesamlphp/simplesamlphp 10
https://github.com/geoserver/geoserver 10
https://github.com/liufee/cms 10
https://github.com/containerd/containerd 10
https://github.com/apache/nifi 10
https://github.com/aio-libs/aiohttp 9
https://github.com/sparklemotion/nokogiri 9
https://github.com/bytecodealliance/wasmtime 9
https://github.com/jenkinsci/git-plugin 9
https://github.com/jquery/jquery 9
https://github.com/ckeditor/ckeditor4 9
https://github.com/publify/publify 9
https://github.com/TYPO3-CMS/core 9
https://github.com/zitadel/zitadel 9
https://github.com/helm/helm 9
https://github.com/fatfreecrm/fat_free_crm 9
https://github.com/puppetlabs/puppet 9
https://github.com/electron/electron 9
https://github.com/wagtail/wagtail 9
https://github.com/TryGhost/Ghost 9
https://github.com/openstack/glance 9
https://github.com/rack/rack 9
https://github.com/pandao/editor.md 8
https://github.com/python-pillow/Pillow 8
https://github.com/swagger-api/swagger-ui 8
https://github.com/openfga/openfga 8
https://github.com/apache/zeppelin 8
https://github.com/rubygems/rubygems 8
https://github.com/getgrav/grav 8
https://github.com/decidim/decidim 8
https://github.com/bcgit/bc-java 8
https://github.com/pimcore/admin-ui-classic-bundle 8
https://github.com/nilsteampassnet/teampass 8
https://github.com/LavaLite/cms 8
https://github.com/rails/rails-html-sanitizer 8
https://github.com/wallabag/wallabag 8
https://github.com/zendframework/zendframework 8
https://github.com/eclipse/jetty.project 8
https://github.com/modoboa/modoboa 8
https://github.com/kubeedge/kubeedge 8
https://github.com/hashicorp/consul 8
https://github.com/dotnet/runtime 8
https://github.com/onionshare/onionshare 8
https://github.com/hashicorp/vault 7
https://github.com/Sylius/Sylius 7
https://github.com/sulu/sulu 7
https://github.com/jupyter/notebook 7
https://github.com/gogs/gogs 7
https://github.com/1Panel-dev/1Panel 7
https://github.com/nahsra/antisamy 7
https://github.com/opencv/opencv 7
https://github.com/dolibarr/dolibarr 7
https://github.com/chakra-core/ChakraCore 7
https://github.com/scrapy/scrapy 7
https://github.com/thorsten/phpMyFAQ 7
https://github.com/pyload/pyload 7
https://github.com/google/fscrypt 7
https://github.com/jeecgboot/jeecg-boot 7
https://github.com/kevinpapst/kimai2 7
https://github.com/vaadin/flow 7
https://github.com/openstack/horizon 7
https://github.com/vantage6/vantage6 7
https://github.com/urllib3/urllib3 7
https://github.com/containers/podman 7
https://github.com/twbs/bootstrap 7
https://github.com/laravel/framework 7
https://github.com/jenkinsci/blueocean-plugin 7
https://github.com/croogo/croogo 6
https://github.com/zenml-io/zenml 6
https://github.com/PHPOffice/PhpSpreadsheet 6
https://github.com/rancher/rancher 6
https://github.com/jenkinsci/script-security-plugin 6
https://github.com/panva/jose 6
https://github.com/tornadoweb/tornado 6
https://github.com/vercel/next.js 6
https://github.com/stacklok/minder 6
https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6
https://github.com/lxml/lxml 6
https://github.com/oroinc/orocommerce 6
https://github.com/cloudflare/cfrpki 6
https://github.com/pomerium/pomerium 6
https://github.com/opensearch-project/security 6
https://github.com/jenkinsci/configuration-as-code-plugin 6
https://github.com/nocodb/nocodb 6
https://github.com/yiisoft/yii2 6
https://github.com/dompdf/dompdf 6
https://github.com/neorazorx/facturascripts 6
https://github.com/ckan/ckan 6
https://github.com/owen2345/camaleon-cms 6
https://github.com/puma/puma 6
https://github.com/jquery/jquery-ui 6
https://github.com/cui2shark/security 6
https://github.com/d4wner/Vulnerabilities-Report 6
https://github.com/parse-community/parse-server 6
https://github.com/apache/superset 6
https://github.com/cubefs/cubefs 6
https://github.com/jenkinsci/config-file-provider-plugin 6
https://github.com/opencast/opencast 6
https://github.com/opencart/opencart 6
https://github.com/pimcore/customer-data-framework 6
https://github.com/igniterealtime/Openfire 6
https://github.com/mantisbt/mantisbt 6
https://github.com/vapor/vapor 5
https://github.com/apache/dolphinscheduler 5
https://github.com/admidio/admidio 5
https://github.com/FlowiseAI/Flowise 5
https://github.com/psf/requests 5
https://github.com/bolt/bolt 5
https://github.com/apache/tika 5
https://github.com/centreon/centreon-archived 5
https://github.com/OPCFoundation/UA-.NETStandard 5
https://github.com/unshiftio/url-parse 5
https://github.com/Byron/gitoxide 5
https://github.com/roundup-tracker/roundup 5
https://github.com/kivikakk/comrak 5
https://github.com/cosmos/cosmos-sdk 5
https://github.com/twisted/twisted 5
https://github.com/nodejs/undici 5
https://github.com/apache/kylin 5
https://github.com/ruby/rexml 5