Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-djangon affected by Improper Handling of Case Sensitivity
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS0yODdmLTQ2ajctajR3aM4AA7R8
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Ecosystems: nuget
Packages: Plumber.Workflow, Umbraco.Workflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 4 hours ago
Moderate
GSA_kwCzR0hTQS12andnLTI4Z3YtcG04aM4AA7R7
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 4 hours ago
Moderate
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles do not escaped in internal render hooks
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 23 hours ago
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 23 hours ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1ycWd2LTI5MnYtNXFncs4AA7QK
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0zbXBmLXJjYzctNTM0N84AA7QJ
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tdzgyLTZtMmctcWg2Y84AA7PU
Sylius Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0ybW03LXg1aDYtNXB2cc4AA7PS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC
Apache Answer: XSS vulnerability when changing personal website
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1teDNwLWZocHcteDZyds4AA7NP
TCPDF vulnerable to Regular Expression Denial of Service
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfaces
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Blind SSRF Leads to Port Scan by using Webhooks
Ecosystems: nuget
Packages: Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1yNTJoLWZqbTctOTNqOM4AA7I0
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: com.blazemeter.plugins:BlazeMeterJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespaces
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS12aDJtLTIyeHgtcTk0Zs4AA6-B
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Ecosystems: nuget
Packages: OpenTelemetry.Instrumentation.AspNetCore, OpenTelemetry.Instrumentation.Http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS03OXZ2LXZwMzItZ3BwN84AA68L
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Ecosystems: maven
Packages: org.apache.kafka:kafka-metadata
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leaked
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qMnI2LXI5MjktdjZnZs4AA63s
XWiki Platform CSRF in the job scheduler
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12NzgyLXhyNHctM3ZxeM4AA63m
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q
mysql2 cache poisoning vulnerability
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p
mysql2 vulnerable to Prototype Poisoning
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS13dnhjLTg1NWYtanZyds4AA6y0
Azure Identity Library for .NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Azure.Identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1xbXIzLTUyeGYtd21oeM4AA6yr
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nNDRtLXg1aDctZnI1cc4AA6wa
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1ycnZmLTV3NHItM3g3ds4AA6wc
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-interpreter
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS02NjIzLWM2bXItNjczN84AA6vz
Apache Zeppelin: Denial of service with invalid notebook name
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1tNjVjLXdtdzktdm1wcM4AA6v0
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1ycjU5LWg2cmgtdjg0ds4AA6vw
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Ecosystems: maven
Packages: org.apache.zeppelin:sap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1wcnZnLXJoNWgtNzRqcs4AA6vx
Apache Zeppelin CSRF vulnerability in the Credentials page
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-web
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nNjRyLXhmMzktcTRwNc4AA6vv
Apache Zeppelin Path Traversal vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1yOTU2LTI1NTMtdnZocs4AA6sD
React Native Sms User Consent Intent Redirection Vulnerability
Ecosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo
Grafana: Users outside an organization can delete a snapshot with its key
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS0ycDJ4LXA3d2otajVoMs4AA6qU
PsiTransfer: File integrity violation
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV
PsiTransfer: Violation of the integrity of file distribution
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1xNmNwLXFmd3EtNGdjds4AA6qI
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any user
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Mattermost fails to authenticate the source of certain types of post actions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB
Mattermost Server doesn't limit the number of user preferences
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS13Njd2LXBoNHgtZjQ4cc4AA6p_
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS00djd4LXBxeGYtY3g3bc4AA6pf
net/http, x/net/http2: close connections when receiving too many headers
Ecosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX
HashiCorpVault does not correctly validate OCSP responses
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS13cGZmLXdtODQteDVjeM4AA6o4
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS13bXhjLXYzOXItcDl3Zs4AA6nq
Temporal Server Denial of Service
Ecosystems: go
Packages: github.com/temporalio/temporal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS12amhmLTZ4ZnItNXA5Z84AA6lt
KubeVirt NULL pointer dereference flaw
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1wNzN4LXJwZ20tM3Y1Ns4AA6kj
Dolibarr ERP CRM Code Injection vulnerability during installation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6
Pillow buffer overflow vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS03bWcyLTZjNnYtMzQycs4AA6ji
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1oaGY4LWY1dzktZzZ2aM4AA6i0
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Ecosystems: packagist
Packages: causal/oidc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerability
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS05cGgzLXYydmgtM3F4N84AA6iX
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1qaHZmLTdjODUtM2M5Z84AA6gZ
LocalAI cross-site request forgery vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1oY3cyLTJyOWMtZ2M2cM4AA6gM
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04dmo5LTV2NXEtZmhjaM4AA6fR
Bonita cross-site scripting vulnerability
Ecosystems: maven
Packages: org.bonitasoft.platform:platform-resources, org.bonitasoft.console:bonita-web-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0zNXczLTZxaGMtNDc0ds4AA6d0
@workos-inc/authkit-nextjs session replay vulnerability
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1jajNjLTV4cG0tY3g5NM4AA6dz
Kimai API returns timesheet entries a user should not be authorized to view
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS14NzY4LWN2cjItMzQ1cs4AA6dy
Un-sanitized metric name or labels can be used to take over exported metrics
Ecosystems: swift
Packages: github.com/swift-server/swift-prometheus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Statistics
Advisories: 17,859
Packages: 8,198
Repositories: 2,397
Ecosystems: 12
Filter by Severity
Moderate 7,671 High 6,206 Critical 2,736 Low 964
Filter by Ecosystem
maven 2,540 packagist 2,008 pypi 1,645 npm 1,054 go 847 nuget 537 rubygems 371 cargo 260 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 243 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 microweber/microweber 62 typo3/cms 61 django 54 apache-airflow 52 phpmyadmin/phpmyadmin 49 typo3/cms-core 49 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 39 drupal/core 35 plone 34 showdoc/showdoc 34 concrete5/concrete5 34 dolibarr/dolibarr 32 ansible 31 org.keycloak:keycloak-core 31 librenms/librenms 31 github.com/mattermost/mattermost-server/v6 30 github.com/mattermost/mattermost/server/v8 27 drupal/drupal 27 com.liferay.portal:release.portal.bom 25 craftcms/cms 24 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 symfony/symfony 23 github.com/grafana/grafana 23 Plone 22 baserproject/basercms 22 intelliants/subrion 21 github.com/answerdev/answer 21 silverstripe/framework 21 org.apache.struts:struts2-core 20 grumpydictator/firefly-iii 19 k8s.io/kubernetes 19 shopware/platform 18 remdex/livehelperchat 18 rdiffweb 18 matrix-synapse 18 shopware/shopware 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 froxlor/froxlor 15 prestashop/prestashop 14 yetiforce/yetiforce-crm 14 nokogiri 14 github.com/argoproj/argo-cd/v2 14 puppet 14 Pillow 13 forkcms/forkcms 13 shopware/core 13 com.jfinal:jfinal 13 org.xwiki.platform:xwiki-platform-oldcore 13 mautic/core 13 io.undertow:undertow-core 13 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 nova 12 tribalsystems/zenario 12 com.thoughtworks.xstream:xstream 12 github.com/goharbor/harbor 12 github.com/hashicorp/vault 12 tinymce 12 github.com/docker/docker 12 org.apache.jspwiki:jspwiki-main 12 github.com/hashicorp/nomad 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 feehi/feehicms 11 DotNetNuke.Core 11 github.com/cilium/cilium 11 org.keycloak:keycloak-services 11 org.eclipse.jetty:jetty-server 10 pyftpdlib 10 @openzeppelin/contracts-upgradeable 10 @openzeppelin/contracts 10 typo3/cms-backend 10 helm.sh/helm/v3 10 salt 10 francoisjacquet/rosariosis 10 PaddlePaddle 10 lavalite/cms 10 activesupport 10 org.apache.nifi:nifi 10 github.com/ethereum/go-ethereum 10 com.vaadin:vaadin-bom 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 github.com/containerd/containerd 10 fat_free_crm 10 org.apache.jspwiki:jspwiki-war 10 wallabag/wallabag 10 contao/core-bundle 10 notebook 10 neutron 10 org.springframework:spring-core 10 joplin 10 gogs.io/gogs 9 directus 9 cakephp/cakephp 9 rack 9 ghost 9 getgrav/grav 9 publify_core 9 vyper 9 zendframework/zendframework1 9 nilsteampassnet/teampass 9 swagger-ui 9 rubygems-update 9 org.jenkins-ci.plugins:git 9 glance 9 org.opencrx:opencrx-core-models 9 angular 9 org.mortbay.jetty:jetty 9 ckeditor4 9 org.igniterealtime.openfire:parent 9 jquery-rails 9 TinyMCE 9 tinymce/tinymce 9 impresscms/impresscms 8 actionview 8 org.apache.archiva:archiva 8 github.com/openfga/openfga 8 silverstripe/cms 8 github.com/kubeedge/kubeedge 8 centreon/centreon 8 rails 8 editor.md 8 org.jenkins-ci.plugins:script-security 8 bootstrap 8 bolt/bolt 8 Django 8 org.opencms:opencms-core 8 electron 8 opencv-contrib-python 8 opencv-python 8 Microsoft.ChakraCore 8 rails-html-sanitizer 8 wasmtime 8 org.jenkins-ci.plugins:electricflow 8 org.apache.activemq:activemq-client 8 jquery 8 org.webjars.npm:jquery 8 org.bouncycastle:bcprov-jdk14 8 io.jenkins.blueocean:blueocean 7 github.com/google/fscrypt 7 sylius/sylius 7 moin 7 silverstripe/admin 7 kevinpapst/kimai2 7 aiohttp 7 github.com/moby/moby 7 activerecord 7 pyload-ng 7 com.vaadin:flow-server 7 org.jenkins-ci.plugins:email-ext 7 org.jenkins-ci.plugins:subversion 7 validator 7 io.jenkins:configuration-as-code 7 next 7 org.apache.james:james-server 7 OctoPrint 7 phpmyfaq/phpmyfaq 7 org.bouncycastle:bcprov-jdk15 7 org.jenkins-ci.plugins:config-file-provider 7 org.owasp.antisamy:antisamy 7 contao/contao 7 org.opennms:opennms 7 github.com/mattermost/mattermost-server 7 jQuery 7 jquery-ui 7 vantage6 7 modoboa 7 phpbb/phpbb 7 wagtail 7 jquery-ui-rails 7 org.apache.santuario:xmlsec 7 org.webjars.npm:jquery-ui 7 org.apache.cxf:cxf-core 7 admidio/admidio 7 jQuery.UI.Combined 7 org.bouncycastle:bcprov-jdk15on 7 org.jenkins-ci.plugins:azure-vm-agents 6 github.com/cosmos/cosmos-sdk 6 elefant/cms 6 cockpit-hq/cockpit 6 url-parse 6 opencart/opencart 6 org.apache.pdfbox:pdfbox 6 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 6 urijs 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 52 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/TYPO3/typo3 32 https://github.com/librenms/librenms 29 https://github.com/plone/Products.CMFPlone 28 https://github.com/kubernetes/kubernetes 27 https://github.com/ansible/ansible 26 https://github.com/keycloak/keycloak 25 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/spring-projects/spring-framework 21 https://github.com/answerdev/answer 21 https://github.com/snipe/snipe-it 20 https://github.com/craftcms/cms 20 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/argoproj/argo-cd 18 https://github.com/symfony/symfony 18 https://github.com/grafana/grafana 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/python-pillow/Pillow 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/CVEProject/cvelist 15 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/froxlor/froxlor 14 https://github.com/OpenNMS/opennms 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/mautic/mautic 13 https://github.com/Dolibarr/dolibarr 13 https://github.com/octobercms/october 13 https://github.com/x-stream/xstream 13 https://github.com/getkirby/kirby 13 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/forkcms/forkcms 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/cilium/cilium 11 https://github.com/laurent22/joplin 10 https://github.com/vaadin/platform 10 https://github.com/moby/moby 10 https://github.com/contao/contao 10 https://github.com/jquery/jquery 10 https://github.com/containerd/containerd 10 https://github.com/liufee/cms 10 https://github.com/silverstripe/silverstripe-framework 10 https://github.com/helm/helm 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/greenpau/caddy-security 10 https://github.com/ethereum/go-ethereum 10 https://github.com/baserproject/basercms 10 https://github.com/publify/publify 9 https://github.com/puppetlabs/puppet 9 https://github.com/go-gitea/gitea 9 https://github.com/apache/nifi 9 https://github.com/github/advisory-database 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vyperlang/vyper 9 https://github.com/pandao/editor.md 8 https://github.com/directus/directus 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/openfga/openfga 8 https://github.com/LavaLite/cms 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/wallabag/wallabag 8 https://github.com/intelliants/subrion 8 https://github.com/hashicorp/consul 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/getgrav/grav 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/eclipse/jetty.project 8 https://github.com/TryGhost/Ghost 8 https://github.com/saltstack/salt 7 https://github.com/kevinpapst/kimai2 7 https://github.com/dolibarr/dolibarr 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/gogs/gogs 7 https://github.com/traefik/traefik 7 https://github.com/apache/zeppelin 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/vaadin/flow 7 https://github.com/rack/rack 7 https://github.com/pyload/pyload 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/aio-libs/aiohttp 7 https://github.com/google/fscrypt 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/modoboa/modoboa 7 https://github.com/wagtail/wagtail 7 https://github.com/nahsra/antisamy 7 https://github.com/hashicorp/vault 7 https://github.com/opencv/opencv 7 https://github.com/mattermost/mattermost 7 https://github.com/vantage6/vantage6 7 https://github.com/twbs/bootstrap 7 https://github.com/giampaolo/pyftpdlib 6 https://github.com/cubefs/cubefs 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/urllib3/urllib3 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/panva/jose 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/parse-community/parse-server 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/opensearch-project/security 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/neorazorx/facturascripts 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/cui2shark/security 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/cloudflare/cfrpki 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/dotnet/runtime 6 https://github.com/onionshare/onionshare 6 https://github.com/opencast/opencast 6 https://github.com/oroinc/orocommerce 6 https://github.com/igniterealtime/Openfire 6 https://github.com/cloudfoundry/uaa 5 https://github.com/admidio/admidio 5 https://github.com/cri-o/cri-o 5 https://github.com/nervosnetwork/ckb 5 https://github.com/openstack/keystone 5 https://github.com/kivikakk/comrak 5 https://github.com/cakephp/cakephp 5 https://github.com/centreon/centreon-archived 5 https://github.com/sulu/sulu 5 https://github.com/undertow-io/undertow 5 https://github.com/lxml/lxml 5 https://github.com/unshiftio/url-parse 5 https://github.com/apache/lucene-solr 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/Amanieu/parking_lot 5 https://github.com/vapor/vapor 5 https://github.com/d4wner/Vulnerabilities-Report 5 https://github.com/containers/podman 5 https://github.com/paritytech/frontier 5 https://github.com/dompdf/dompdf 5 https://github.com/bolt/bolt 5 https://github.com/yiisoft/yii2 5 https://github.com/lief-project/LIEF 5 https://github.com/hashicorp/nomad 5 https://github.com/numpy/numpy 5 https://github.com/Sylius/Sylius 5 https://github.com/etcd-io/etcd 5 https://github.com/puma/puma 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/hyperium/hyper 5 https://github.com/apache/tika 5 https://github.com/NodeBB/NodeBB 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/ipython/ipython 5 https://github.com/opencontainers/runc 5 https://github.com/nodejs/undici 5 https://github.com/croogo/croogo 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/evershopcommerce/evershop 5 https://github.com/vercel/next.js 5 https://github.com/xuxueli/xxl-job 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/apache/superset 5 https://github.com/apache/kylin 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/jenkinsci/gerrit-trigger-plugin 4 https://gitlab.com/francoisjacquet/rosariosis 4 https://github.com/KaTeX/KaTeX 4 https://github.com/keystonejs/keystone 4