Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Moderate Security Advisories
Browse all Security Advisories for Moderate
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 5 hours ago
GSA_kwCzR0hTQS0zd3d4LTYzZnYtcGZxNs4ABAhN
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core, OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
GSA_kwCzR0hTQS03dmZoLWNxcGMtNDI2N84ABAbj
Security Update for the OPC UA .NET Standard Stack
Moderate
Ecosystems: nuget
Packages: MessagePack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
GSA_kwCzR0hTQS00cW00LThoZzItZzJ4bc4ABAZj
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Moderate
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 days ago
GSA_kwCzR0hTQS1jcm1qLXFoNzQtMnIzNs4ABAYy
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Moderate
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 days ago
GSA_kwCzR0hTQS1nOXhtLTc1MzgtbXE4d84ABAYx
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Moderate
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 days ago
GSA_kwCzR0hTQS0zN2dtLWg1d3ItcGYyNc4ABAWF
Path traversal in redaxo
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
GSA_kwCzR0hTQS14NzZ3LTZ2anItOHhnas4ABATe
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Moderate
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH
Infinite loop in github.com/gomarkdown/markdown
Moderate
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
GSA_kwCzR0hTQS04anBnLTYyamMtaHdocs4ABATC
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 6 days ago
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Moderate
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 6 days ago
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Moderate
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 7 days ago
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Moderate
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 days ago
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 days ago
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 7 days ago
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration time
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 7 days ago
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Moderate
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 7 days ago
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 days ago
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Moderate
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 days ago
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Moderate
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 10 days ago
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Moderate
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 10 days ago
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 11 days ago
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 11 days ago
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 days ago
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 11 days ago
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 days ago
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 11 days ago
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 11 days ago
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Moderate
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Moderate
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 days ago
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 12 days ago
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 12 days ago
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 12 days ago
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 days ago
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 12 days ago
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 12 days ago
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 days ago
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 days ago
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Moderate
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 days ago
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Moderate
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Moderate
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 days ago
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Moderate
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 12 days ago
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Moderate
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Moderate
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 13 days ago
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Moderate
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 13 days ago
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Moderate
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 13 days ago
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Moderate
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 13 days ago
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Moderate
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 13 days ago
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Moderate
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 13 days ago
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Moderate
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 14 days ago
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Moderate
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 14 days ago
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Moderate
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 14 days ago
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Moderate
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
GSA_kwCzR0hTQS02MzJxLTc3cWotYzg5cc4ABABg
LimeSurvey Cross Site Scripting vulnerability
Moderate
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Moderate
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Moderate
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 14 days ago
GSA_kwCzR0hTQS1yOHc4LTc0d3ctajR3aM4ABABe
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 14 days ago
GSA_kwCzR0hTQS13OXh2LXFmOTgtY2NxNM4ABABd
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 14 days ago
GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
Ecosystems: packagist
Packages: lara-zeus/artemis, lara-zeus/dynamic-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
GSA_kwCzR0hTQS1jNmN3LWc3ZmMtNGd3Y84ABAA2
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Moderate
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 14 days ago
GSA_kwCzR0hTQS12NjZnLXA5eDYtdjk4cM4ABAA1
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
Ecosystems: packagist
Packages: mediawiki/cargo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
GSA_kwCzR0hTQS1qcXZtLTl4bTItZ2MzOM4AA_9-
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Moderate
Ecosystems: packagist
Packages: dev-lancer/minecraft-motd-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
GSA_kwCzR0hTQS1xODk4LWZyd3EtZjNxcM4AA_9p
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
Ecosystems: pypi
Packages: ironic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Moderate
Ecosystems: maven
Packages: org.kordamp.json:json-lib-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
GSA_kwCzR0hTQS13d2NwLTI2d2MtM2Z4bc4AA_86
JSON-lib mishandles an unbalanced comment string
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 18 days ago
GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 18 days ago
GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Moderate
Ecosystems: npm
Packages: @sentry/browser
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 18 days ago
GSA_kwCzR0hTQS01OTNtLTU1aGgtajhnds4AA_74
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Moderate
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 18 days ago
GSA_kwCzR0hTQS02Nzg0LTljODItdnI4Nc4AA_73
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 18 days ago
GSA_kwCzR0hTQS0yNTV3LTg3cmgtcmc0NM4AA_72
Cross-site Scripting via uploaded SVG
Moderate
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 18 days ago
GSA_kwCzR0hTQS14d2dqLXZwbTktcTJycc4AA_71
Vulnerable juju introspection abstract UNIX domain socket
Moderate
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 18 days ago
GSA_kwCzR0hTQS04djR3LWY0cjktN2g2eM4AA_70
Vulnerable juju hook tool abstract UNIX domain socket
Moderate
Ecosystems: npm
Packages: @backstage/plugin-app-backend
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 18 days ago
GSA_kwCzR0hTQS1xYzR2LXhxMm0tNjV3Y84AA_7x
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Moderate
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 18 days ago
GSA_kwCzR0hTQS1taDk4LTc2M2gtbTl2NM4AA_7w
JUJU_CONTEXT_ID is a predictable authentication secret
Moderate
Ecosystems: npm
Packages: slim-select
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 19 days ago
GSA_kwCzR0hTQS1xdnF2LW1jeHIteDhxd84AA_7h
Slim Select has potential Cross-site Scripting issue
Moderate
Ecosystems: npm, rubygems
Packages: @openc3/tool-common, openc3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
GSA_kwCzR0hTQS00eHF2LTQ3cm0tMzdtbc4AA_7R
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
GSA_kwCzR0hTQS12Zmo4LTVwajctMmY5Z84AA_7P
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
GSA_kwCzR0hTQS1wajk1LXBoNHEtNHFtNM4AA_6u
Jenkins exposes multi-line secrets through error messages
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
GSA_kwCzR0hTQS1mOXFqLTc3cTItaDVjNc4AA_6r
Jenkins item creation restriction bypass vulnerability
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
GSA_kwCzR0hTQS02Mmp2LWo0dzctNWhoOM4AA_6s
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 19 days ago
GSA_kwCzR0hTQS12eDNoLXF3cXctcjJ3cc4AA_6p
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Moderate
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 20 days ago
GSA_kwCzR0hTQS1yMmp3LWM5NXEtcmoyOc4AA_6I
cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
Ecosystems: cargo
Packages: tonic
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 20 days ago
GSA_kwCzR0hTQS00andjLXcyaGMtNzhxds4AA_6F
Tonic has remotely exploitable denial of service vulnerability
Moderate
Ecosystems: go
Packages: github.com/containers/podman/v4, github.com/containers/podman/v3, github.com/containers/podman/v2, github.com/containers/podman, github.com/containers/podman/v5, github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 20 days ago
GSA_kwCzR0hTQS1maHFxLThmNjUtNXhmY84AA_6C
Improper Input Validation in Buildah and Podman
Moderate
Ecosystems: go
Packages: github.com/containers/common
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 20 days ago
GSA_kwCzR0hTQS1tYzc2LTU5MjUtYzVwNs4AA_5_
Link Following in github.com/containers/common
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 20 days ago
GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Moderate
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 20 days ago
GSA_kwCzR0hTQS14dzMyLTY0MjItZnJxbc4AA_5f
Pagekit Cross-site Scripting vulnerability
Moderate
Ecosystems: npm
Packages: git-shallow-clone
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 21 days ago
GSA_kwCzR0hTQS1xd3JxLXZ4dnctNTM3cs4AA_4l
git-shallow-clone OS Command Injection vulnerability
Moderate
Ecosystems: packagist
Packages: starcitizentools/citizen-skin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
GSA_kwCzR0hTQS02MnIyLWdjeHItNDI2eM4AA_31
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 21 days ago
GSA_kwCzR0hTQS1oNXEzLWZqcDQtMng3cs4AA_3z
MantisBT vulnerable to information disclosure with user profiles
Statistics
Advisories: 20,351
Packages: 8,931
Repositories: 2,678
Ecosystems: 12