Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Browse all Security Advisories for Moderate

Loading...
Moderate
GSA_kwCzR0hTQS1qaDZ4LTd4ZmctOWNxMs4ABBmw
Searching Opencast may cause a denial of service
Ecosystems: maven
Packages: org.opencastproject:opencast-elasticsearch-impl
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 8 hours ago
Moderate
GSA_kwCzR0hTQS1yNHBnLXZnNTQtd3h4NM4ABBmY
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Ecosystems: go
Packages: github.com/cert-manager/cert-manager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 10 hours ago
Moderate
GSA_kwCzR0hTQS05YzVwLTM1Z2otanFwNM4ABBlz
Rancher Helm Applications may have sensitive values leaked
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 12 hours ago
Moderate
GSA_kwCzR0hTQS1mZnAyLThwMmgtNG01as4ABBly
Password Pusher rate limiter can be bypassed by forging proxy headers
Ecosystems: rubygems
Packages: pwpush
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 12 hours ago
Moderate
GSA_kwCzR0hTQS14ZnY3LWgycWctcmptN84ABBlL
Moodle Lesson activity password bypass through PHP loose comparison
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1qNHYzLXd3d3gtNWdxds4ABBli
django Filer Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: django-filer
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1qODIyLXg1Z2ctNXI1Ns4ABBlQ
Moodle allows users to retrieve information they did not have permission to access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1maGcyLXIyaDktaDdxOM4ABBlV
Moodle IDOR when deleting OAuth2 linked accounts
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS12eGN2LTR4dmYtcGMyMs4ABBle
django CMS Attributes Field Cross-site Scripting
Ecosystems: pypi
Packages: djangocms-attributes-field
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1yNHhyLW0zOTMtNzc4bc4ABBlP
Moodle IDOR when accessing list of course badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1ocnhoLTl3NjctZzRjds4ABBj8
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTdqeGMtOHA2eM4ABBgP
Redaxo Core CMS Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1wN2Y2LThtY20tZnd2M84ABBfv
Statamic CMS has a Path Traversal in Asset Upload
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yeDJnLTMycjctcDR4OM4ABBff
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04NDk1LTRnM2cteDdwcs4ABBeU
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yN21mLWdocW0tajNqOM4ABBeT
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1qcDM3LTVxaHctbWZmd84ABBeS
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Ecosystems: cargo
Packages: sharks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1mNjMyLTk0NDktM2o0d84ABBdK
Apache Tomcat - XSS in generated JSPs
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-jasper
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1manE5LTQ1Mmctamczcc4ABBdJ
moodle: Some users can delete audiences of other reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF
Apache Tomcat Request and/or response mix-up
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jcTVmLXd2N3AtNWdmY84ABBdI
Moodle leaks user names
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tZzU0LXAyd2otNXBoN84ABBdH
moodle: IDOR when fetching report schedules
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1ndjVoLTU2NTUtaDRtds4ABBc_
django CMS Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14M3g5LTM0OXgtMjQ4Nc4ABBdA
moodle: IDOR in edit/delete RSS feed
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zd2Y0LTY4Z3gtbXBoOM4ABBdB
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Ecosystems: npm
Packages: firebase
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13M2M4LTdyOGYtOWpwOM4ABBcJ
Spring MVC controller vulnerable to a DoS attack
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1odnc1LTNtZ3ctN3JjZs4ABBb_
Debezium database connector has a script injection vulnerability
Ecosystems: maven
Packages: io.debezium:debezium-core, io.debezium:debezium-connector-sqlserver, io.debezium:debezium-connector-mysql
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0ycHBmLTJtNmYtNnY2Zs4ABBb9
OpenStack improperly deletes access rules
Ecosystems: pypi
Packages: python-openstackclient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1jODZxLXJqMzctOGY4Nc4ABBYy
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS05OXc4LWM1ZjYtOTZwcM4ABBYh
CSRF leading to delete account in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Stored XSS using two files in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1tOTgyLWg0ZjgtZzRoZs4ABBYf
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1yNzM1LTlnYzYtMmh2cc4ABBYj
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oaHZyLTJxNjktNDU2M84ABBYe
Cross site scripting in sylius/sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1majV2LXcyanAtd3F2as4ABBYg
Improper Access Control in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13cHByLWo1N2MtOGpwbc4ABBYo
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xMjk3LTVmZjgtaGM5Ms4ABBYN
FitNesse Path Traversal
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZzgyLTl3MzUtM3czcs4ABBYR
FitNesse Cross-site scripting
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wandtLWNyMzYtbXd2M84ABBXw
ReDoS in giskard's transformation.py (GHSL-2024-324)
Ecosystems: pypi
Packages: giskard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qM3ZxLXBtcDUtcjV4as4ABBXQ
Missing ratelimit on passwrod resets in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qM3B4LXE5NWMtOTY4M84ABBW2
zlib-rs stack overflow during decompression with malicious input
Ecosystems: cargo
Packages: libz-rs-sys-cdylib, libz-rs-sys, zlib-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00Mjc3LW0zNXEtN2M5d84ABBVW
Salt preflight script could be attacker controlled
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qdjgyLTc1ZmgtMjNyN84ABBVE
Missing permission check in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jZ3I0LWMyMzMtaDczM84ABBTs
UnoPim Stored XSS : Cookie hijacking through Create User function
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qNGg2LWdjajctN3Y5ds4ABBTI
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Ecosystems: rubygems
Packages: decidim-meetings
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nOHIzLTJ2ODktajZyNc4ABBS_
Moodle IDOR when accessing list of badge recipients
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qcnZtLW1jeGMtbWY2bc4ABBSa
dom-iterator code execution vulnerability
Ecosystems: npm
Packages: dom-iterator
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nMjNoLTd2ZjkteGMyNc4ABBP9
Mimalloc Can Allocate Memory with Bad Alignment
Ecosystems: cargo
Packages: mimalloc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wcXB3LTg5dzUtODJ2Nc4ABBP6
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Ecosystems: cargo
Packages: simd-json-derive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jbTQ2LWdxZjQtbXY0Zs4ABBP3
Orchid Platform has Method Exposure Vulnerability in Modals
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14dmc4LW00eDMtdzZ4cs4ABBP2
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1mbXE2LTR3NTctMnczds4ABBGc
wasm3 uncontrolled memory allocation vulnerability
Ecosystems: cargo, pypi, swift
Packages: wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS03bXI3LTRmNTQtdmN4Nc4ABBEa
HTTP Client uses incorrect token after refresh
Ecosystems: nuget
Packages: Duende.AccessTokenManagement.OpenIdConnect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0ydzV2LXgyOWctanc3as4ABBEY
Hashicorp Nomad Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1wOWN4LWY1OTUtaDc5aM4ABBDu
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS0ycjltLXdnMzUtcmZ2Y84ABBDp
Moodle vulnerable to cache poisoning via injection into storage
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13d2pmLWd3cnYtd2g0Nc4ABBDw
Moodle's IDOR in badges allows deletion of arbitrary badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12am1tLXI5Z2ctNDI1bc4ABBDo
Moodle has arbitrary file read risk through pdfTeX
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xcnF2LTI2Z2YteGd3aM4ABBDs
Moodle LFI vulnerability when restoring malformed block backups
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1teDI2LTYyeG0tMnA4M84ABBDv
Moodle vulnerable to site administration SQL injection via XMLDB editor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS05N2NxLWY0am0tbXY4aM4ABBDL
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS14ODNtLXBmNmYtcGY5Z84ABBDG
hibernate-validator Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.hibernate.validator:hibernate-validator
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1odjZtLXFqNjUtMjZxM84ABBCA
UnoPim Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1yaG05LWdwNXAtNTI0OM4ABBBs
Gradio vulnerable to arbitrary file read with File and UploadButton components
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14OHZwLWdmNHEtbXc1as4ABBBb
Symfony allows changing the environment through a query
Ecosystems: packagist
Packages: symfony/symfony, symfony/runtime
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zMnA0LWdtMmMtd21jaM4ABBBX
ansible-core Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1jYzZ4LThjYzctOTk1M84ABA-T
OctoPrint has API key access in settings without reauthentication
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS14dnhxLWc4aHctZng0Z84ABA-S
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS01cDVyLTU3ZngtcG1mcs4ABA9K
Langflow vulnerable to remote code execution
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zZ2Y5LXd2NjUtZ3doOc4ABA9G
gradio Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1nNXZ3LTNoNjUtMnEzds4ABA9F
Access control vulnerable to user data deletion by anonynmous users
Ecosystems: pypi
Packages: Zope, AccessControl
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03dm02LXF3aDUtOXg0NM4ABA9B
loona-hpack Panic Vulnerability
Ecosystems: cargo
Packages: loona-hpack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xM3JwLXZ2bTctajhqZ84ABA7y
Safearchive Path Traversal vulnerability
Ecosystems: go
Packages: github.com/google/safearchive
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1jd2dnLTU3eGotZzc3cs4ABA6Q
changedetection.io Path Traversal
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1oeHgyLTd2Y3ctbXFyM84ABA2z
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1oaGh2LWdnangtcTlqMs4ABA2O
Glossarizer Cross-site Scripting vulnerability
Ecosystems: npm
Packages: glossarizer
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1jcGg1LTNwZ3ItYzgyZ84ABA2F
Gnark out-of-memory during deserialization with crafted inputs
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS05OXdyLWMycHgtZ3JtaM4ABA1X
Hashicorp Consul Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01YzR3LThoaGgtM2MzaM4ABA1Z
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Ecosystems: nuget
Packages: ICG.AspNetCore.Utilities.CloudStorage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1mNjg2LWh3OWMteHc5Y84ABA0d
Snowflake JDBC Security Advisory
Ecosystems: maven
Packages: net.snowflake:snowflake-jdbc
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1mNzQ4LTdocGctODhjaM4ABAzB
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Ecosystems: go
Packages: github.com/NVIDIA/nvidia-container-toolkit
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1mNzdxLXI1cW0tdzRtOM4ABAyf
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
Ecosystems: cargo
Packages: sp1-recursion-gnark-ffi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1oYzV3LWM5ZjgtOWNjNM4ABAyR
Langchain Path Traversal vulnerability
Ecosystems: npm
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1jbTU5LThybXYtZjJjas4ABAyJ
Lollms vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS03bXFqLXhnZjgtcDU5ds4ABAw7
Apache NiFi Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02bXZwLWdoNzctN3Z3aM4ABAwn
Mattermost Server allows user to get private channel names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS03NjJnLTlwN2YtbXJ3d84ABAwp
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1nMzc2LW0zaDMtbWo0cs4ABAwy
Mattermost server allows authenticated user to delete arbitrary post
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS03NjJ2LXJxN3EtZmY5N84ABAw6
Mattermost Server vulnerable to application crash from attacker-generated large response
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13Y3g5LWNjcGotaHgzY84ABAuW
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Ecosystems: go
Packages: github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1qOTQ1LWM0NHYtOTdnNs4ABAt9
MPXJ has a Potential Path Traversal Vulnerability
Ecosystems: nuget, pypi, rubygems, maven
Packages: MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1naGp3LTMyeHctZmZ3cs4ABAt8
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS0ycnhwLXY2cHctY2g2bc4ABAtZ
REXML ReDoS vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1oeGYzLXZncG0tZnY5cM4ABAsl
CycloneDX cdxgen may execute code contained within build-related files
Ecosystems: npm
Packages: @cyclonedx/cdxgen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tZ2Z2LW00N3gtNHdxcM4ABAsG
useragent Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: useragent
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS02OHFnLWc3ODctM3JwNc4ABAsI
Knwl.js Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: knwl.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS13NDU1LW1mcTktaGY3NM4ABAsC
insane vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: insane
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1wOHBjLTNmN3ctanI1cc4ABAsH
Foundation Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: foundation-sites
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zcGh2LTgzY2otcDhwN84ABAsK
nope-validator Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: nope-validator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2,709
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 2,684 packagist 2,609 pypi 1,858 npm 1,183 go 1,041 nuget 626 rubygems 421 cargo 304 hex 14 swift 13 actions 4 pub 3
Filter by Package
moodle/moodle 276 tensorflow 200 tensorflow-cpu 198 tensorflow-gpu 197 magento/community-edition 132 typo3/cms 119 org.jenkins-ci.main:jenkins-core 117 org.apache.tomcat:tomcat 91 pimcore/pimcore 86 typo3/cms-core 72 microweber/microweber 65 silverstripe/framework 64 dolibarr/dolibarr 55 phpmyadmin/phpmyadmin 50 drupal/core 48 github.com/usememos/memos 46 actionpack 45 thorsten/phpmyfaq 45 apache-airflow 43 github.com/mattermost/mattermost/server/v8 42 drupal/drupal 40 apache-superset 39 Plone 38 Django 38 librenms/librenms 36 concrete5/concrete5 36 showdoc/showdoc 34 org.keycloak:keycloak-core 34 symfony/symfony 33 moin 30 github.com/mattermost/mattermost-server/v6 30 plone 29 nova 29 org.elasticsearch:elasticsearch 28 github.com/grafana/grafana 28 craftcms/cms 28 intelliants/subrion 26 baserproject/basercms 26 ansible 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 k8s.io/kubernetes 21 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 shopware/platform 20 django 20 mediawiki/core 20 grumpydictator/firefly-iii 20 shopware/shopware 19 froxlor/froxlor 18 remdex/livehelperchat 18 mautic/core 18 nilsteampassnet/teampass 18 zendframework/zendframework1 17 org.apache.tomcat.embed:tomcat-embed-core 17 github.com/docker/docker 17 gradio 17 matrix-synapse 17 keystone 17 github.com/argoproj/argo-cd/v2 16 rdiffweb 16 getkirby/cms 16 glance 15 github.com/cilium/cilium 15 shopware/core 15 org.keycloak:keycloak-services 15 directus 15 prestashop/prestashop 15 io.undertow:undertow-core 15 vyper 15 tinymce 14 github.com/hashicorp/vault 14 github.com/hashicorp/consul 14 nokogiri 14 org.xwiki.platform:xwiki-platform-oldcore 14 puppet 14 yetiforce/yetiforce-crm 14 org.apache.jspwiki:jspwiki-main 13 tribalsystems/zenario 13 github.com/hashicorp/nomad 13 forkcms/forkcms 13 com.jfinal:jfinal 13 simplesamlphp/simplesamlphp 12 contao/core-bundle 12 com.thoughtworks.xstream:xstream 12 TinyMCE 11 feehi/feehicms 11 github.com/argoproj/argo-cd 11 roundup 11 tinymce/tinymce 11 lavalite/cms 11 salt 11 rack 11 org.eclipse.jetty:jetty-server 11 ec-cube/ec-cube 11 ckeditor4 11 org.keycloak:keycloak-parent 11 github.com/goharbor/harbor 11 DotNetNuke.Core 11 org.apache.solr:solr-core 11 genix/cms 11 org.springframework.security:spring-security-core 11 bootstrap 11 getgrav/grav 11 wallabag/wallabag 11 org.bouncycastle:bcprov-jdk14 11 opencart/opencart 10 aiohttp 10 fat_free_crm 10 @openzeppelin/contracts 10 github.com/greenpau/caddy-security 10 ghost 10 @openzeppelin/contracts-upgradeable 10 joplin 10 francoisjacquet/rosariosis 10 zendframework/zendframework 10 github.com/mattermost/mattermost-server 10 PaddlePaddle 10 org.apache.nifi:nifi 10 silverstripe/cms 10 github.com/containerd/containerd 10 notebook 10 activesupport 10 org.springframework:spring-core 10 typo3/cms-backend 10 github.com/ethereum/go-ethereum 10 org.apache.jspwiki:jspwiki-war 10 bolt/bolt 10 com.vaadin:vaadin-bom 10 org.bouncycastle:bcprov-jdk15on 10 bootstrap 10 publify_core 9 cakephp/cakephp 9 wasmtime 9 twbs/bootstrap 9 org.webjars:bootstrap 9 rubygems-update 9 horizon 9 org.jenkins-ci.plugins:git 9 bootstrap 9 angular 9 code.gitea.io/gitea 9 org.jenkins-ci.plugins:script-security 9 org.mortbay.jetty:jetty 9 org.opencrx:opencrx-core-models 9 pyftpdlib 9 github.com/traefik/traefik/v2 9 gogs.io/gogs 9 helm.sh/helm/v3 9 swagger-ui 9 org.opencms:opencms-core 9 sylius/sylius 9 org.igniterealtime.openfire:parent 9 actionview 8 impresscms/impresscms 8 onionshare-cli 8 org.apache.activemq:activemq-client 8 github.com/openfga/openfga 8 bootstrap.sass 8 electron 8 modoboa 8 OctoPrint 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 pimcore/admin-ui-classic-bundle 8 phpbb/phpbb 8 rails-html-sanitizer 8 centreon/centreon 8 camaleon_cms 8 rails 8 github.com/kubeedge/kubeedge 8 Microsoft.ChakraCore 8 calibreweb 8 opencv-python 8 opencv-contrib-python 8 next 8 laravel/framework 8 jquery-rails 8 contao/contao 8 activerecord 7 org.jenkins-ci.plugins:config-file-provider 7 twisted 7 org.bouncycastle:bcprov-jdk15to18 7 phpmyfaq/phpmyfaq 7 bootstrap-sass 7 validator 7 swift 7 org.bouncycastle:bcprov-jdk15 7 org.jenkins-ci.plugins:subversion 7 org.webjars.npm:jquery 7 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 org.owasp.antisamy:antisamy 7 github.com/rancher/rancher 7 feehi/cms 7 urllib3 7 github.com/zitadel/zitadel 7 org.jenkins-ci.plugins:email-ext 7 org.opennms:opennms 7 io.jenkins.blueocean:blueocean 7
Filter by Repository
https://github.com/tensorflow/tensorflow 200 https://github.com/moodle/moodle 172 https://github.com/jenkinsci/jenkins 91 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 61 https://github.com/apache/tomcat 55 https://github.com/TYPO3/typo3 53 https://github.com/django/django 47 https://github.com/silverstripe/silverstripe-framework 47 https://github.com/usememos/memos 46 https://github.com/thorsten/phpmyfaq 45 https://github.com/apache/airflow 42 https://github.com/xwiki/xwiki-platform 41 https://github.com/rails/rails 39 https://github.com/librenms/librenms 34 https://github.com/kubernetes/kubernetes 34 https://github.com/star7th/showdoc 32 https://github.com/keycloak/keycloak 31 https://github.com/symfony/symfony 27 https://github.com/ansible/ansible 26 https://github.com/grafana/grafana 24 https://github.com/spring-projects/spring-framework 24 https://github.com/craftcms/cms 23 https://github.com/argoproj/argo-cd 22 https://github.com/Dolibarr/dolibarr 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/concretecms/concretecms 21 https://github.com/magento/magento2 20 https://github.com/plone/Products.CMFPlone 20 https://github.com/snipe/snipe-it 20 https://github.com/firefly-iii/firefly-iii 20 https://github.com/apache/activemq 19 https://github.com/openstack/nova 19 https://github.com/mautic/mautic 18 https://github.com/shopware/shopware 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/apache/struts 17 https://github.com/shopware/platform 17 https://github.com/matrix-org/synapse 16 https://github.com/ikus060/rdiffweb 16 https://github.com/openstack/keystone 15 https://github.com/cilium/cilium 15 https://github.com/vyperlang/vyper 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/umbraco/Umbraco-CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/froxlor/froxlor 14 https://github.com/baserproject/basercms 14 https://github.com/gradio-app/gradio 14 https://github.com/tinymce/tinymce 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/directus/directus 13 https://github.com/octobercms/october 13 https://github.com/go-gitea/gitea 13 https://github.com/contao/contao 13 https://github.com/getkirby/kirby 13 https://github.com/apache/cxf 13 https://github.com/x-stream/xstream 13 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/forkcms/forkcms 11 https://github.com/goharbor/harbor 11 https://github.com/moby/moby 11 https://github.com/apache/nifi 11 https://github.com/liufee/cms 10 https://github.com/decidim/decidim 10 https://github.com/mattermost/mattermost 10 https://github.com/ckeditor/ckeditor4 10 https://github.com/geoserver/geoserver 10 https://github.com/github/advisory-database 10 https://github.com/laurent22/joplin 10 https://github.com/vaadin/platform 10 https://github.com/ethereum/go-ethereum 10 https://github.com/hashicorp/consul 10 https://github.com/traefik/traefik 10 https://github.com/containerd/containerd 10 https://github.com/simplesamlphp/simplesamlphp 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/strapi/strapi 10 https://github.com/greenpau/caddy-security 10 https://github.com/intelliants/subrion 10 https://github.com/aio-libs/aiohttp 10 https://github.com/electron/electron 9 https://github.com/TryGhost/Ghost 9 https://github.com/rack/rack 9 https://github.com/openstack/glance 9 https://github.com/publify/publify 9 https://github.com/TYPO3-CMS/core 9 https://github.com/helm/helm 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/wallabag/wallabag 9 https://github.com/bytecodealliance/wasmtime 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/puppetlabs/puppet 9 https://github.com/jquery/jquery 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/zendframework/zendframework 8 https://github.com/dotnet/runtime 8 https://github.com/backstage/backstage 8 https://github.com/LavaLite/cms 8 https://github.com/bcgit/bc-java 8 https://github.com/kubeedge/kubeedge 8 https://github.com/onionshare/onionshare 8 https://github.com/saltstack/salt 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/modoboa/modoboa 8 https://github.com/getgrav/grav 8 https://github.com/apache/zeppelin 8 https://github.com/openfga/openfga 8 https://github.com/dolibarr/dolibarr 8 https://github.com/pandao/editor.md 8 https://github.com/pimcore/admin-ui-classic-bundle 8 https://github.com/eclipse/jetty.project 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/rubygems/rubygems 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/laravel/framework 7 https://github.com/pyload/pyload 7 https://github.com/twbs/bootstrap 7 https://github.com/python-pillow/Pillow 7 https://github.com/undertow-io/undertow 7 https://github.com/nahsra/antisamy 7 https://github.com/google/fscrypt 7 https://github.com/urllib3/urllib3 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/rancher/rancher 7 https://github.com/dpgaspar/Flask-AppBuilder 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/sulu/sulu 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/opencast/opencast 7 https://github.com/gogs/gogs 7 https://github.com/opencv/opencv 7 https://github.com/zitadel/zitadel 7 https://github.com/janeczku/calibre-web 7 https://github.com/jupyter/notebook 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/scrapy/scrapy 7 https://github.com/containers/podman 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/openstack/horizon 7 https://github.com/hashicorp/vault 7 https://github.com/Sylius/Sylius 7 https://github.com/vaadin/flow 7 https://github.com/oroinc/orocommerce 6 https://github.com/wagtail/wagtail 6 https://github.com/stacklok/minder 6 https://github.com/vantage6/vantage6 6 https://github.com/opensearch-project/security 6 https://github.com/pomerium/pomerium 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/ckan/ckan 6 https://github.com/puma/puma 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/zenml-io/zenml 6 https://github.com/mantisbt/mantisbt 6 https://github.com/hashicorp/nomad 6 https://github.com/dompdf/dompdf 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/apache/superset 6 https://github.com/neorazorx/facturascripts 6 https://github.com/jquery/jquery-ui 6 https://github.com/owen2345/camaleon-cms 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/lxml/lxml 6 https://github.com/cui2shark/security 6 https://github.com/yiisoft/yii2 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/nocodb/nocodb 6 https://github.com/vercel/next.js 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/parse-community/parse-server 6 https://github.com/croogo/croogo 6 https://github.com/opencontainers/runc 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/twisted/twisted 6 https://github.com/unshiftio/url-parse 5 https://github.com/pgadmin-org/pgadmin4 5 https://github.com/opencart/opencart 5 https://github.com/roundup-tracker/roundup 5 https://github.com/etcd-io/etcd 5 https://github.com/cri-o/cri-o 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/xuxueli/xxl-job 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/psf/requests 5 https://github.com/apache/kylin 5 https://github.com/LimeSurvey/LimeSurvey 5 https://github.com/paritytech/frontier 5 https://github.com/pterodactyl/panel 5 https://github.com/admidio/admidio 5