Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Moderate
GSA_kwCzR0hTQS1wOHE2LXFyZ2otN2d4Ms4AA3oa
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: about 22 hours ago
Moderate
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0zcnB4LXBnbWYtajk2aM4AA3mF
Microweber Business Logic Errors
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14ZnY1LWpxZ3AtdnFoas4AA3l0
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Ecosystems: maven
Packages: io.quarkus:quarkus-cache
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02M2N2LTRwYzItNGZjZs4AA3lw
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: pypi, pub, packagist, cargo, rubygems, swift, nuget, go, maven, npm
Packages: pubnub, pubnub/pubnub, https://github.com/pubnub/swift, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1wanJqLWg0ZmctNmdtNM4AA3lF
tokio-boring vulnerable to resource exhaustion via memory leak
Ecosystems: cargo
Packages: tokio-boring
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03Zjl4LWd3ODUtOGdyZs4AA3lA
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Ecosystems: go
Packages: github.com/lestrrat-go/jwx/jwe, github.com/lestrrat-go/jwx/v2/jwe
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03bWM2LXg5MjUtN3F2eM4AA3k_
Test code in published microsoft-graph-beta package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-beta
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1taGhwLWMzY20tMnI4Ns4AA3k-
Test code in published microsoft-graph-core package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-core
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jZ3dxLTZwcnEtOGg5cc4AA3k9
Test code in published microsoft-graph package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1oNTZnLWdxOXYtdmM4cs4AA3kx
jupyter-server errors include tracebacks with path information
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04Zzg1LXdocWgtY3IyZs4AA3kv
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1mdmhqLTRxZmgtcTJobc4AA3ku
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04djZqLWdjNzQtZm1wcM4AA3hz
Ajax Pro Cross-site Scripting
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestore
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13ajdmLTQ2OG0tNm12OM4AA3e_
Environment variables still accessible through /proc
Ecosystems: cargo
Packages: birdcage
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS02ZzNqLXA1ZzYtOTkyZs4AA3ez
OpenSearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpaste
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qMjRoLXhjcGMtOWp3OM4AA3d2
Eclipse IDE XXE in eclipse.platform
Ecosystems: maven
Packages: org.eclipse.platform:org.eclipse.update.configurator, org.eclipse.platform:org.eclipse.ui.intro, org.eclipse.platform:org.eclipse.ui.intro.universal, org.eclipse.platform:org.eclipse.ui.cheatsheets, org.eclipse.platform:org.eclipse.tips.ide, org.eclipse.platform:org.eclipse.help, org.eclipse.platform:org.eclipse.help.webapp, org.eclipse.platform:org.eclipse.help.ui, org.eclipse.platform:org.eclipse.help.base, org.eclipse.platform:org.eclipse.compare.examples.xml, org.eclipse.platform:org.eclipse.team.ui, org.eclipse.platform:org.eclipse.ant.launching, org.eclipse.platform:org.eclipse.ant.core, org.eclipse.core:org.eclipse.core.runtime, org.eclipse.platform:org.eclipse.core.resources, org.eclipse.platform:org.eclipse.debug.ui, org.eclipse.platform:org.eclipse.debug.core, org.eclipse.platform:org.eclipse.core.variables, org.eclipse.platform:org.eclipse.ant.ui
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wcjR3LW00cnAtZ3A4N84AA3ck
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yNDRxLTk4Z3gtcG1oMs4AA3bb
Apache DolphinScheduler Missing Authorization vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-service, org.apache.dolphinscheduler:dolphinscheduler-dao, org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1wZ3BqLTgzZzMtbWZyMs4AA3ah
Jenkins Google Compute Engine Plugin has incorrect permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1waDg3LTR4MmctNmhwNM4AA3al
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS13cGZjLXI1cXEtN3I3cM4AA3af
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1xbWhxLTg3NmYtY3I2Nc4AA3ag
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS14d2g5LWdjMzktNTI5OM4AA3Zk
github.com/go-resty/resty/v2 HTTP request body disclosure
Ecosystems: go
Packages: github.com/go-resty/resty/v2
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1qamZoLTU4OWctM2hqeM4AA3ZY
Spring Boot denial of service vulnerability
Ecosystems: maven
Packages: org.springframework.boot:spring-boot
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zOTJoLXI0NmotcTI0cM4AA3Ym
OwnCast remote code execution vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zOTJjLXZqZnYtaDd3cs4AA3Xd
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jNmNnLTczcDMtOTczaM4AA3Xa
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default Permissions
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qanI3LTM3MnItY3g3eM4AA3XY
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1wNXByLXZtM2otanh4Zs4AA3Xm
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12NDI3LWM0OWotOHc2eM4AA3VI
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1qNzJmLWg3NTItbXg0d84AA3VH
Insertion of Sensitive Information into Log
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1yZ2c5LTI2NGgtM2hmd84AA3Ul
Directory Traversal in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12bTRwLWdoODIteHE5Ns4AA3Ti
Cross-site Scripting in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS0yODVtLXZoZnEteHg0aM4AA3TU
Elasticsearch Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlip
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm Confusion
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oaGNmLTc5cG0tcjhyOc4AA3QE
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS05NnE0LTdmd3ItZ214aM4AA3QG
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1xam14LXE1bTQteHFmNc4AA3QH
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jaGo1LTh3eGotcnhnOM4AA3QF
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01cGh3LTZnM3ItNTV4eM4AA3QA
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tZnA1LXZoNTgtM2ozcs4AA3QB
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1neDgyLWptNXEtZ2Z3Ms4AA3QC
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0zZzc5LWo4aHEtcjR4ds4AA3QD
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS04cGhyLTYzN2ctcHhyZ84AA3P2
LibreNMS Cross-site Scripting at Device groups Deletion feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amounts
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1ycTQyLTU4cWYtdjNxeM4AA3Pz
LibreNMS vulnerable to rate limiting bypass on login page
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Concrete CMS allows unauthorized access because directories can be created with insecure permissions
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1jNnh3LWhnOXEtM2M5Zs4AA3Ow
OpenNMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.opennms:opennms-webapp
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS14dm12LTRyeDYteDZqeM4AA3OZ
Authenticated users can view job names and groups they do not have authorization to view
Ecosystems: maven
Packages: org.rundeck:rundeckapp
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1oeGpjLTlqOHYtdjlwcs4AA3Nu
CKEditor Cross-site Scripting vulnerability
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13OThnLTVmbXgtd200eM4AA3Mk
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Ecosystems: packagist
Packages: pocketmine/raklib
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02NzMzLTdycDctdmYzbc4AA3Mb
xxl-job-admin vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0zdzhyLTNqaDktODl2Oc4AA3MV
xxl-job-admin vulnerable to Insecure Permissions
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1jOGhqLXcyMzktNWd2Zs4AA3MK
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0zY2gzLWpoYzYtNXI4eM4AA3MJ
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS01NWcyLXZtM3EtN3c1Ms4AA3Lb
Ansible galaxy-importer Path Traversal vulnerability
Ecosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 24 days ago