Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14NnA3LTQ0cmgtbTNycs4AA90O
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Ecosystems: packagist
Packages: auth0/wordpress
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS01anE4LXE2cmotOWdxNM4AA9zp
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 21 hours ago
Moderate
GSA_kwCzR0hTQS1naDlmLTZ4bTItYzRqMs4AA9zl
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 21 hours ago
Moderate
GSA_kwCzR0hTQS03N3ZjLXJqMzItMnIzM84AA9w7
OpenSearch Observability does not properly restrict access to private tenant resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-observability
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tcXFqLWZ4OGgtNDM3as4AA9ws
PrivateBin allows shortening of URLs for other domains
Ecosystems: packagist
Packages: privatebin/privatebin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14N3EyLXdyN2cteHFtZs4AA9wR
Django vulnerable to user enumeration attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS12ZndoLWd2ZjYtbWZmOM4AA9vd
Silverpeas Core Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-seb, org.silverpeas.core:silverpeas-core-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS01NXI5LTVteDktcXE3cs4AA9ul
Cache driver GetBlob() allows read access to any blob without access control check
Ecosystems: go
Packages: zotregistry.dev/zot, zotregistry.io/zot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jaDdxLWdwZmYtaDlocM4AA9on
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qZm1qLTV2NGctNzYzN84AA9oo
zipp Denial of Service vulnerability
Ecosystems: pypi
Packages: zipp
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03aG1oLXBmcnAtdmN4NM4AA9og
Directus GraphQL Field Duplication Denial of Service (DoS)
Ecosystems: npm
Packages: @directus/env
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03NHI1LWc3dmMtajJ2Ms4AA9of
zerovec-derive incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec-derive
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1oeGdtLWdobXYteGpqbc4AA9oe
Directus incorrectly handles `_in` filter
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14cnYzLWptY3AtMzc0as4AA9od
zerovec incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5
Directus Blind SSRF On File Import
Ecosystems: npm
Packages: @directus/api
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01NjRqLXYyOXctcnFyNs4AA9n4
Khoj Open Redirect Vulnerability in Login Page
Ecosystems: pypi
Packages: khoj-assistant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1mZzRxLWNjcTgtM3I1cc4AA9n2
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Ecosystems: nuget
Packages: NHibernate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1oNjU4LXFxdjktcXd2OM4AA9nw
Apache NiFi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1waGc3LThtbTktZ2o4OM4AA9ne
EGroupware mishandles an ORDER BY clause
Ecosystems: packagist
Packages: egroupware/egroupware
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01M3E3LTQ4NzQtMjRxZ84AA9m9
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tOWd2LTZwMjItcWdtas4AA9m7
ai-controller-frontend payment status in basket isn't reset
Ecosystems: packagist
Packages: aimeos/ai-controller-frontend
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1mcXBnLXJxNzYtOTlwcc4AA9m6
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Ecosystems: go
Packages: github.com/jackc/pgx/v5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS13OW1oLTV4OGotOTc1NM4AA9m2
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jdnc5LWM1N2gtMzM5N84AA9m1
ZITADEL Vulnerable to Session Information Leakage
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1taDU1LWdxdmYteGZ3bc4AA9m0
Denial of service via malicious preflight requests in github.com/rs/cors
Ecosystems: go
Packages: github.com/rs/cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1ycnFyLTd3NTktNjM3ds4AA9mz
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jOTZyLTM4Z3YtZ3JwNM4AA9mX
ShopXO Server-Side Request Forgery Vulnerability
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1yNHY0LXc5cHYtNmZwaM4AA9mC
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Ecosystems: pypi
Packages: nova, glance, cinder
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xanZmLTg3NDgtOXc3aM4AA9gc
github.com/google/nftable IP addresses were encoded in the wrong byte order
Ecosystems: go
Packages: github.com/google/nftables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Ecosystems: packagist
Packages: aimeos/ai-admin-jsonadm
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1qNTl2LXZnY3ItaHh2Zs4AA9cp
GeoServer's Server Status shows sensitive environmental variables and Java properties
Ecosystems: maven
Packages: org.geoserver:gs-main, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS13aHB4LWc1NDItN2M3ds4AA9b8
@cat5th/key-serializer Prototype Pollution vulnerability
Ecosystems: npm
Packages: @cat5th/key-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04OHZyLWhqcXgtNTdxaM4AA9bv
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Ecosystems: npm
Packages: @adolph_dudu/ratio-swiper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm
@aofl/cli-lib Prototype Pollution vulnerability
Ecosystems: npm
Packages: @aofl/cli-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zNDM0LWhjM20tOG1tbc4AA9bD
Reflected Cross-Site Scripting (XSS) in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04NjljLWo3d2MtOGpxds4AA9as
Gin mishandles a wildcard at the end of an origin string
Ecosystems: go
Packages: github.com/gin-contrib/cors, github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1oZzU4LXJmMmgtNnJyN84AA9aS
CometBFT is unstability during blocksync when syncing from malicious peer
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xcWN2LXZnOWYtNXJyM84AA9Z6
litellm vulnerable to improper access control in team management
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1xMjdjLWo2ajktNTN3M84AA9Yo
Directory creation by malicious user in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS05cGhtLWZtNTctcmhnOM4AA9X0
Panic when parsing invalid palette-color images in golang.org/x/image
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1tcDNnLXZwbTktOXZxds4AA9Xz
@fastly/js-compute has a use-after-free in some host call implementations
Ecosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xNnh2LWptNHYtMzQ5aM4AA9Xx
Cross-site Scripting in ZenUML
Ecosystems: npm
Packages: @zenuml/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zY3BxLXJ3MzYtY3Bwds4AA9Xt
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:plain-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1ndzg0LTg0cGMteHA4Ms4AA9XO
Cross-site Scripting in djangorestframework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12NnY4LXhqNm0teHdxaM4AA9UK
go-retryablehttp can leak basic auth credentials to log files
Ecosystems: go
Packages: github.com/hashicorp/go-retryablehttp
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oMjZ3LXI0bTUtOHJyZs4AA9UE
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS0zNmdmLXZwajItajQyd84AA9Tg
Cross site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS03Z2pyLWhjYzMteGZyNM4AA9Ta
Improper line feed handling in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS03OWg4LWd4aHEtcTNqZ84AA9TI
Remote Code Execution in create_conda_env function in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1nNmM5LWY0eG0tOWo0eM4AA9S3
Open redirect in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03cTNoLWo5NXEtM3ZqaM4AA9Sy
Arbitrary File Creation in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1xeDQ0LTg4NWgtN3A1Ns4AA9S0
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1xYzNxLThycjgtOHA1ds4AA9S4
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1wcWhxLTc3cHctNzYzY84AA9Sv
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1qZzYyLWg3cHYtaHhnds4AA9RB
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Ecosystems: packagist
Packages: studiomitte/friendlycaptcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jY2hwLTNycTYtNjl3as4AA9RD
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Ecosystems: packagist
Packages: jweiland/events2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
ClassGraph XML External Entity Reference
Ecosystems: maven
Packages: io.github.classgraph:classgraph
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS05Z3h4LTU4cTYtNDJwN84AA9QI
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Ecosystems: go
Packages: github.com/lightningnetwork/lnd
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1ydmo0LXE4cTUtOGdyZs4AA9Pw
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Ecosystems: go
Packages: github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1odzVmLTZ3dnYteGNyaM4AA9Pu
SFTPGo has insufficient access control for password reset
Ecosystems: go
Packages: github.com/drakkan/sftpgo/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1oY3I3LWNxd2MtcTVncc4AA9OR
Apache Superset server arbitrary file read
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS05aGN2LWo5cHYtcW1waM4AA9LE
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13OWp4LTRnNmctcnA3eM4AA9LD
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14NGdwLXBxcGotZjQzcc4AA9KH
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Ecosystems: cargo
Packages: curve25519-dalek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1wNWNnLTZyZnItNm14OM4AA9KE
Moodle stored XSS via calendar's event title when deleting the event
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1yODJ3LTNwaGctcXZyNM4AA9KF
Moodle uses the same key for QR login and auto-login
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS14Mjl4LXF3dngtZnhyMs4AA9KB
Moodle BigBlueButton web service leaks meeting joining information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0zNTZnLTd4MzYtN20zNM4AA9J-
Moodle CSRF risks due to misuse of confirm_sesskey
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tOTN3LTRmeHYtcjM1ds4AA9J3
PocketBase performs password auth and OAuth2 unverified email linking
Ecosystems: go
Packages: github.com/pocketbase/pocketbase
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1ocGNnLXhqcTUtZzY2Ns4AA9Jv
Minder affected by denial of service from maliciously configured Git repository
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1xNmM3LTU2Y3EtZzJ3bc4AA9I6
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS02NGpxLW03cnEtNzY4aM4AA9I7
Rancher's External RoleTemplates can lead to privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS00Z200LWM0bWgtNHA3d84AA9I2
Firefly III has a MFA bypass in oauth flow
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1tajRwLWdtaHItOTJnM84AA9IS
@akbr/update Prototype Pollution
Ecosystems: npm
Packages: @akbr/update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1qOHB4LXBqbXAtMzI1Zs4AA9IZ
flatten-json Prototype Pollution
Ecosystems: npm
Packages: @allanlancioni/flatten-json
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1qajU4LTQ4OHYtNHJnZs4AA9Id
obx Prototype Pollution
Ecosystems: npm
Packages: @almela/obx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS00eGczLTd3N3EtODU2cc4AA9IO
object-deep-assign Prototype Pollution
Ecosystems: npm
Packages: @alexbinary/object-deep-assign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS02OXIyLTJmZzctN2hmOc4AA9IR
Badger Database Prototype Pollution
Ecosystems: npm
Packages: @abw/badger-database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1mZzUyLTVqamotMjhoN84AA9IK
@cdr0/sg Prototype Pollution
Ecosystems: npm
Packages: @cdr0/sg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1odzJjLTh4Z3ctbWY1N84AA9He
SonarQube logs sensitive information
Ecosystems: maven
Packages: org.sonarsource.sonarqube:sonar-web
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1odnhnLTc3bWctdnJ2cM4AA9GC
Mattermost Desktop App Remote Code Execution
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS14MjY4LXFwZzYtdzlnMs4AA9DM
CrateDB has a Client initialized Session-Renegotiation DoS
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS00cTIyLTQyMmctbTRwas4AA9C9
Elasticsearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS0yaG1mLTQ2djctdjZmeM4AA8_L
gqlparser denial of service vulnerability via the parserDirectives function
Ecosystems: go
Packages: github.com/vektah/gqlparser, github.com/vektah/gqlparser/v2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1oang2LWY2NDctbXZmOc4AA8_I
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jdjIzLXE2Z2gteGZyZs4AA8_F
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jYzU1LW12cWMtZzltZ84AA8-u
SummerNote Cross Site Scripting Vulnerability
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1qd2NnLXd2NXgtdmczZ84AA8-T
Apache Submarine Commons Utils has a hard-coded secret
Ecosystems: maven
Packages: org.apache.submarine:submarine-commons-utils
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS03am13LTgyNTktcTlqeM4AA88x
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Statistics
Advisories: 19,479
Packages: 8,596
Repositories: 2,569
Ecosystems: 12
Filter by Package
moodle/moodle 263 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 typo3/cms 119 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms-core 72 silverstripe/framework 62 microweber/microweber 62 django 55 dolibarr/dolibarr 54 apache-airflow 53 phpmyadmin/phpmyadmin 50 drupal/core 47 thorsten/phpmyfaq 45 actionpack 43 github.com/usememos/memos 42 apache-superset 41 drupal/drupal 39 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 34 librenms/librenms 32 nova 32 Plone 32 symfony/symfony 32 ansible 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 28 github.com/mattermost/mattermost/server/v8 27 org.elasticsearch:elasticsearch 26 intelliants/subrion 26 craftcms/cms 26 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 baserproject/basercms 22 k8s.io/kubernetes 21 github.com/answerdev/answer 21 grumpydictator/firefly-iii 20 org.apache.struts:struts2-core 20 shopware/shopware 19 froxlor/froxlor 18 rdiffweb 18 keystone 18 shopware/platform 18 mediawiki/core 18 nilsteampassnet/teampass 18 remdex/livehelperchat 18 matrix-synapse 18 zendframework/zendframework1 17 github.com/docker/docker 17 getkirby/cms 17 Django 17 glance 16 org.apache.tomcat.embed:tomcat-embed-core 16 github.com/argoproj/argo-cd/v2 15 salt 15 prestashop/prestashop 15 vyper 15 puppet 14 yetiforce/yetiforce-crm 14 nokogiri 14 io.undertow:undertow-core 14 tinymce 14 org.keycloak:keycloak-services 13 com.jfinal:jfinal 13 org.xwiki.platform:xwiki-platform-oldcore 13 tribalsystems/zenario 13 org.apache.jspwiki:jspwiki-main 13 forkcms/forkcms 13 github.com/goharbor/harbor 13 shopware/core 13 Pillow 13 mautic/core 13 github.com/hashicorp/consul 12 org.apache.solr:solr-core 12 simplesamlphp/simplesamlphp 12 neutron 12 github.com/hashicorp/vault 12 github.com/argoproj/argo-cd 12 com.thoughtworks.xstream:xstream 12 directus 12 tinymce/tinymce 11 TinyMCE 11 lavalite/cms 11 org.keycloak:keycloak-parent 11 rack 11 DotNetNuke.Core 11 pyftpdlib 11 org.bouncycastle:bcprov-jdk14 11 ec-cube/ec-cube 11 getgrav/grav 11 genix/cms 11 github.com/hashicorp/nomad 11 feehi/feehicms 11 github.com/cilium/cilium 11 contao/core-bundle 10 activesupport 10 github.com/containerd/containerd 10 silverstripe/cms 10 @openzeppelin/contracts 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 @openzeppelin/contracts-upgradeable 10 com.vaadin:vaadin-bom 10 org.eclipse.jetty:jetty-server 10 joplin 10 fat_free_crm 10 org.bouncycastle:bcprov-jdk15on 10 opencart/opencart 10 org.springframework:spring-core 10 github.com/ethereum/go-ethereum 10 github.com/mattermost/mattermost-server 10 typo3/cms-backend 10 notebook 10 wallabag/wallabag 10 github.com/greenpau/caddy-security 10 PaddlePaddle 10 zendframework/zendframework 10 francoisjacquet/rosariosis 10 org.springframework.security:spring-security-core 10 helm.sh/helm/v3 9 swagger-ui 9 org.igniterealtime.openfire:parent 9 ghost 9 cakephp/cakephp 9 code.gitea.io/gitea 9 wagtail 9 org.opencms:opencms-core 9 angular 9 org.opencrx:opencrx-core-models 9 org.mortbay.jetty:jetty 9 publify_core 9 horizon 9 roundup 9 org.jenkins-ci.plugins:git 9 gogs.io/gogs 9 github.com/traefik/traefik/v2 9 ckeditor4 9 rubygems-update 9 bolt/bolt 9 impresscms/impresscms 8 contao/contao 8 editor.md 8 org.apache.activemq:activemq-client 8 actionview 8 centreon/centreon 8 wasmtime 8 org.apache.archiva:archiva 8 Microsoft.ChakraCore 8 github.com/openfga/openfga 8 laravel/framework 8 bootstrap 8 rails-html-sanitizer 8 org.jenkins-ci.plugins:electricflow 8 rails 8 opencv-python 8 org.jenkins-ci.plugins:script-security 8 opencv-contrib-python 8 electron 8 sylius/sylius 8 github.com/kubeedge/kubeedge 8 jquery-rails 8 urllib3 7 vantage6 7 swift 7 jquery-ui 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 modoboa 7 com.vaadin:flow-server 7 github.com/google/fscrypt 7 org.apache.cxf:cxf-core 7 gradio 7 symfony/http-foundation 7 cinder 7 org.owasp.antisamy:antisamy 7 phpmyfaq/phpmyfaq 7 org.webjars.npm:jquery 7 silverstripe/admin 7 jquery 7 org.jenkins-ci.plugins:config-file-provider 7 phpbb/phpbb 7 org.apache.james:james-server 7 io.jenkins.blueocean:blueocean 7 aiohttp 7 trytond 7 OctoPrint 7 github.com/1Panel-dev/1Panel 7 validator 7 pyload-ng 7 admidio/admidio 7 io.jenkins:configuration-as-code 7 org.apache.santuario:xmlsec 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 167 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/django/django 67 https://github.com/microweber/microweber 58 https://github.com/TYPO3/typo3 53 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/silverstripe/silverstripe-framework 45 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 35 https://github.com/kubernetes/kubernetes 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 26 https://github.com/Dolibarr/dolibarr 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/craftcms/cms 21 https://github.com/argoproj/argo-cd 21 https://github.com/spring-projects/spring-framework 21 https://github.com/snipe/snipe-it 20 https://github.com/firefly-iii/firefly-iii 20 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/ikus060/rdiffweb 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/python-pillow/Pillow 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/openstack/keystone 16 https://github.com/CVEProject/cvelist 15 https://github.com/vyperlang/vyper 15 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/tinymce/tinymce 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/directus/directus 13 https://github.com/getkirby/kirby 13 https://github.com/go-gitea/gitea 13 https://github.com/goharbor/harbor 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/octobercms/october 13 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/apache/cxf 12 https://github.com/forkcms/forkcms 11 https://github.com/contao/contao 11 https://github.com/saltstack/salt 11 https://github.com/cilium/cilium 11 https://github.com/moby/moby 11 https://github.com/liufee/cms 10 https://github.com/traefik/traefik 10 https://github.com/apache/nifi 10 https://github.com/vaadin/platform 10 https://github.com/containerd/containerd 10 https://github.com/simplesamlphp/simplesamlphp 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/laurent22/joplin 10 https://github.com/strapi/strapi 10 https://github.com/geoserver/geoserver 10 https://github.com/ethereum/go-ethereum 10 https://github.com/intelliants/subrion 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/mattermost/mattermost 10 https://github.com/baserproject/basercms 10 https://github.com/greenpau/caddy-security 10 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/jquery/jquery 9 https://github.com/github/advisory-database 9 https://github.com/TYPO3-CMS/core 9 https://github.com/helm/helm 9 https://github.com/openstack/glance 9 https://github.com/wagtail/wagtail 9 https://github.com/rack/rack 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/publify/publify 9 https://github.com/puppetlabs/puppet 9 https://github.com/electron/electron 9 https://github.com/apache/zeppelin 9 https://github.com/pandao/editor.md 8 https://github.com/jupyter/notebook 8 https://github.com/kubeedge/kubeedge 8 https://github.com/hashicorp/consul 8 https://github.com/openfga/openfga 8 https://github.com/wallabag/wallabag 8 https://github.com/zendframework/zendframework 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/LavaLite/cms 8 https://github.com/bcgit/bc-java 8 https://github.com/TryGhost/Ghost 8 https://github.com/rubygems/rubygems 8 https://github.com/umbraco/Umbraco-CMS 8 https://github.com/getgrav/grav 8 https://github.com/chakra-core/ChakraCore 7 https://github.com/aio-libs/aiohttp 7 https://github.com/google/fscrypt 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/openstack/horizon 7 https://github.com/gogs/gogs 7 https://github.com/opencv/opencv 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/hashicorp/vault 7 https://github.com/pyload/pyload 7 https://github.com/vantage6/vantage6 7 https://github.com/Sylius/Sylius 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/dotnet/runtime 7 https://github.com/scrapy/scrapy 7 https://github.com/vaadin/flow 7 https://github.com/rancher/rancher 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/pimcore/admin-ui-classic-bundle 7 https://github.com/urllib3/urllib3 7 https://github.com/nahsra/antisamy 7 https://github.com/kevinpapst/kimai2 7 https://github.com/twbs/bootstrap 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/laravel/framework 7 https://github.com/dolibarr/dolibarr 7 https://github.com/modoboa/modoboa 7 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/nocodb/nocodb 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/croogo/croogo 6 https://github.com/opensearch-project/security 6 https://github.com/parse-community/parse-server 6 https://github.com/zitadel/zitadel 6 https://github.com/panva/jose 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencart/opencart 6 https://github.com/zenml-io/zenml 6 https://github.com/decidim/decidim 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/yiisoft/yii2 6 https://github.com/stacklok/minder 6 https://github.com/dompdf/dompdf 6 https://github.com/onionshare/onionshare 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/containers/podman 6 https://github.com/cui2shark/security 6 https://github.com/oroinc/orocommerce 6 https://github.com/opencast/opencast 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/cubefs/cubefs 6 https://github.com/ipython/ipython 6 https://github.com/igniterealtime/Openfire 6 https://github.com/backstage/backstage 6 https://github.com/neorazorx/facturascripts 6 https://github.com/tornadoweb/tornado 6 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/cakephp/cakephp 5 https://github.com/undertow-io/undertow 5 https://github.com/apache/tika 5 https://github.com/nervosnetwork/ckb 5 https://github.com/unshiftio/url-parse 5 https://github.com/nodejs/undici 5 https://github.com/openstack/cinder 5 https://github.com/mantisbt/mantisbt 5 https://github.com/puma/puma 5 https://github.com/matrix-org/matrix-appservice-irc 5 https://github.com/cloudfoundry/uaa 5 https://github.com/admidio/admidio 5 https://github.com/tauri-apps/tauri 5 https://github.com/NodeBB/NodeBB 5 https://github.com/evershopcommerce/evershop 5 https://github.com/kivikakk/comrak 5 https://github.com/lxml/lxml 5 https://github.com/apache/kylin 5 https://github.com/vercel/next.js 5 https://github.com/pomerium/pomerium 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/psf/requests 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/apache/dolphinscheduler 5