Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1jZ3FmLTNjcTUtd3Zjas4AA5zT
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0zajI3LTU2M3YtMjh3Zs4AA5zR
*const c_void / ExternalPointer unsoundness leading to use-after-free
Ecosystems: cargo
Packages: Deno
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS01ZnJ3LTRyd3EteGhjcs4AA5zP
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1tNzU3LXA4cnYtNHE5M84AA5zJ
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0yNnczLXE0ajgtNHhqcM4AA5zI
1Panel open source panel project has an unauthorized vulnerability.
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username Enumeration
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1qcjgzLW0yMzMtZ2c2cM4AA5wF
Sulu grants access to pages regardless of role permissions
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1qdzQ0LTRmM2otcTM5Ns4AA5uc
Helm shows secrets in clear text
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS04MmpmLThmMjQteHE5bc4AA5t8
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Ecosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN
Directus version number disclosure
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1ydjRoLW00d2Mtdjk5d84AA5r9
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1ocDJ4LTZ2cm0tN2o3ds4AA5sA
Apache Archiva Reflected Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva-common
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1oNTk1LXZ3aGMtM3h3eM4AA5r-
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Apache Ambari: Various Cross site scripting problems
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1mZmZnLWN3YzkteHZqN84AA5rI
mongo-express Cross-site Request Forgery vulnerability
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS02anZnLWhwMjUtNDJmNs4AA5rD
Nteract Remote Code Execution vulnerability
Ecosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1od2pmLTQ2NjctZ3F3eM4AA5qF
Mattermost allows attackers access to posts in channels they are not a member of
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1meDQ4LXh2NnEtNmdwM84AA5p9
Mattermost post fetching without auditing in compliance export
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji value
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1wZnc2LTVyeDMteGgzY84AA5p-
Mattermost fails to check the "invite_guest" permission
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS03djN2LTk4NHYtaDc0cs4AA5p_
Mattermost leaks details of AD/LDAP groups of a teams
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS03NXgyLTZoNG0taDZteM4AA5oj
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Ecosystems: nuget
Packages: FullStackHero.WebAPI.Boilerplate
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS12cjY0LXI5cWotaDI3Zs4AA5o_
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Ecosystems: maven
Packages: org.clojure:clojure
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS02cXZ3LTI0OWotaDQ0Y84AA5mp
jose4j denial of service via specifically crafted JWE
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1mcXhqLTQ2d2ctOXY4NM4AA5l0
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS0zdjlyLTg4NWotNzYyZ84AA5lb
Apache Superset: Improper authorization validation on dashboards and charts import
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS13cjZnLTl3Y3ItY21xas4AA5le
Apache Superset: Improper data authorization when creating a new dataset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS01NDc0LWY3ZzUtMjczcc4AA5ld
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1tNmptLTN2MzgtNzZqNM4AA5la
Apache Superset: Improper Neutralization of custom SQL on embedded context
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1oN3I2LThxbW0taGo1cs4AA5lZ
Apache Superset: Improper error handling on alerts
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS04aDIyLThjZjctaHE2Z84AA5jP
Rails has possible Sensitive Session Information Leak in Active Storage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1qdzdyLXJ4ZmYtZ3YyNM4AA5if
Apache James MIME4J improper input validation vulnerability
Ecosystems: maven
Packages: org.apache.james:apache-mime4j-core
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcnA5LTIzcDctZzVtZs4AA5ic
Apache Ambari XML External Entity injection
Ecosystems: maven
Packages: org.apache.ambari.contrib.views:wfmanager
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xNHFoLThweHctcjQ4cc4AA5iX
Subrion CMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Subrion CMS vulnerable to SQL Injection
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12ZjdqLWNtcmotcG1tbc4AA5iJ
ZenML Server Remote Privilege Escalation Vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wNXE5LTg2dzQtMnhyNc4AA5iD
SMTP smuggling in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1weDd3LWM5Z3ctN2dqM84AA5hU
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerability
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03cDdxLWZqZnctdjNnZs4AA5gw
Bagisto Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NzJyLTk3cjctdngycc4AA5gJ
pretix mishandles file validation
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oOHd2LTloOTYtbTRocs4AA5eq
Onnx Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zOG04LTVnZmMtNjYzZ84AA5c3
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00aGZwLW05Z3YtbTc1M84AA5bO
XWiki extension license information is public, exposing instance id and license holder details
Ecosystems: maven
Packages: com.xwiki.licensing:application-licensing-licensor-ui
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oZ3I2LTZoaHctODgzZs4AA5aV
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03cncyLTNoaHAtcmM0Ns4AA5Z0
Cross-site Scripting Vulnerability in Statement Browser
Ecosystems: maven
Packages: com.yetanalytics:lrs
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02d3I1LWptcHItbWpjeM4AA5Zt
Uncaught Exception in Macro Expecting Native Function to Exist
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04eGZmLTQ3M2gtZjg2M84AA5Zs
Uncaught Exception Handling Parsing Errors on Line Terminators
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Published: about 1 month ago
Statistics
Advisories: 17,221
Packages: 7,995
Repositories: 2,329
Ecosystems: 12
Filter by Package
tensorflow 207 moodle/moodle 193 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 95 pimcore/pimcore 83 microweber/microweber 62 typo3/cms 61 django 54 apache-airflow 51 typo3/cms-core 49 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 39 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 31 plone 30 github.com/mattermost/mattermost-server/v6 30 dolibarr/dolibarr 29 phpmyadmin/phpmyadmin 28 ansible 28 org.keycloak:keycloak-core 27 com.liferay.portal:release.portal.bom 25 github.com/mattermost/mattermost/server/v8 24 craftcms/cms 24 snipe/snipe-it 24 github.com/grafana/grafana 23 symfony/symfony 23 org.elasticsearch:elasticsearch 23 baserproject/basercms 22 Plone 22 github.com/answerdev/answer 21 intelliants/subrion 21 silverstripe/framework 21 org.apache.struts:struts2-core 20 grumpydictator/firefly-iii 19 k8s.io/kubernetes 19 rdiffweb 18 shopware/shopware 18 remdex/livehelperchat 18 shopware/platform 17 getkirby/cms 17 matrix-synapse 17 org.apache.tomcat.embed:tomcat-embed-core 15 froxlor/froxlor 15 nokogiri 14 yetiforce/yetiforce-crm 14 puppet 14 com.jfinal:jfinal 13 org.keycloak:keycloak-parent 13 Pillow 13 drupal/core 13 forkcms/forkcms 13 prestashop/prestashop 13 org.apache.jspwiki:jspwiki-main 12 tinymce 12 com.thoughtworks.xstream:xstream 12 nova 12 github.com/goharbor/harbor 12 shopware/core 12 github.com/hashicorp/consul 12 io.undertow:undertow-core 12 tribalsystems/zenario 12 org.xwiki.platform:xwiki-platform-oldcore 12 org.apache.solr:solr-core 12 github.com/argoproj/argo-cd/v2 12 DotNetNuke.Core 11 github.com/hashicorp/vault 11 github.com/cilium/cilium 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 francoisjacquet/rosariosis 10 github.com/greenpau/caddy-security 10 pyftpdlib 10 cakephp/cakephp 10 org.springframework.security:spring-security-core 10 PaddlePaddle 10 fat_free_crm 10 activesupport 10 org.springframework:spring-core 10 com.vaadin:vaadin-bom 10 wallabag/wallabag 10 @openzeppelin/contracts-upgradeable 10 typo3/cms-backend 10 @openzeppelin/contracts 10 org.apache.jspwiki:jspwiki-war 10 github.com/ethereum/go-ethereum 10 github.com/containerd/containerd 10 org.apache.nifi:nifi 10 lavalite/cms 10 notebook 10 helm.sh/helm/v3 10 org.eclipse.jetty:jetty-server 10 github.com/docker/docker 9 TinyMCE 9 mautic/core 9 org.jenkins-ci.plugins:git 9 tinymce/tinymce 9 ghost 9 jquery-rails 9 gogs.io/gogs 9 directus 9 org.mortbay.jetty:jetty 9 rack 9 org.igniterealtime.openfire:parent 9 getgrav/grav 9 publify_core 9 org.opencrx:opencrx-core-models 9 angular 9 swagger-ui 9 nilsteampassnet/teampass 9 vyper 9 ckeditor4 9 rubygems-update 9 zendframework/zendframework1 9 github.com/hashicorp/nomad 9 glance 9 Django 8 Microsoft.ChakraCore 8 contao/core-bundle 8 actionview 8 impresscms/impresscms 8 rails 8 editor.md 8 electron 8 bootstrap 8 org.opencms:opencms-core 8 org.jenkins-ci.plugins:script-security 8 github.com/openfga/openfga 8 github.com/kubeedge/kubeedge 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 rails-html-sanitizer 8 opencv-python 8 drupal/drupal 8 wasmtime 8 org.webjars.npm:jquery 8 org.apache.activemq:activemq-client 8 org.bouncycastle:bcprov-jdk14 8 org.jenkins-ci.plugins:electricflow 8 jquery 8 org.apache.archiva:archiva 8 next 7 OctoPrint 7 activerecord 7 joplin 7 org.keycloak:keycloak-services 7 jQuery 7 org.bouncycastle:bcprov-jdk15 7 io.jenkins.blueocean:blueocean 7 org.apache.cxf:cxf-core 7 org.jenkins-ci.plugins:subversion 7 github.com/mattermost/mattermost-server 7 vantage6 7 io.jenkins:configuration-as-code 7 admidio/admidio 7 org.jenkins-ci.plugins:email-ext 7 kevinpapst/kimai2 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15on 7 contao/contao 7 validator 7 com.vaadin:flow-server 7 jQuery.UI.Combined 7 phpmyfaq/phpmyfaq 7 org.webjars.npm:jquery-ui 7 org.jenkins-ci.plugins:config-file-provider 7 silverstripe/admin 7 pyload-ng 7 org.owasp.antisamy:antisamy 7 org.opennms:opennms 7 github.com/google/fscrypt 7 jquery-ui-rails 7 modoboa 7 jquery-ui 7 org.apache.james:james-server 7 sanitize-html 6 org.cloudfoundry.identity:cloudfoundry-identity-server 6 github.com/moby/moby 6 github.com/1Panel-dev/1Panel 6 url-parse 6 urllib3 6 cockpit-hq/cockpit 6 neutron 6 elefant/cms 6 snyk-broker 6 urijs 6 org.jenkins-ci.plugins:openshift-deployer 6 io.netty:netty 6 org.apache.pdfbox:pdfbox 6 facturascripts/facturascripts 6 aiohttp 6 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 6 github.com/cubefs/cubefs 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 80 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 50 https://github.com/apache/airflow 47 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/django/django 42 https://github.com/xwiki/xwiki-platform 36 https://github.com/rails/rails 33 https://github.com/TYPO3/typo3 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 29 https://github.com/kubernetes/kubernetes 27 https://github.com/plone/Products.CMFPlone 26 https://github.com/ansible/ansible 23 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 20 https://github.com/snipe/snipe-it 20 https://github.com/concretecms/concretecms 19 https://github.com/apache/activemq 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/livehelperchat/livehelperchat 18 https://github.com/symfony/symfony 18 https://github.com/grafana/grafana 18 https://github.com/ikus060/rdiffweb 18 https://github.com/keycloak/keycloak 18 https://github.com/apache/struts 17 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/argoproj/argo-cd 16 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 15 https://github.com/CVEProject/cvelist 15 https://github.com/python-pillow/Pillow 14 https://github.com/OpenNMS/opennms 14 https://github.com/froxlor/froxlor 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/phpmyadmin/phpmyadmin 14 https://github.com/x-stream/xstream 13 https://github.com/Dolibarr/dolibarr 13 https://github.com/getkirby/kirby 13 https://github.com/octobercms/october 13 https://github.com/tinymce/tinymce 12 https://github.com/goharbor/harbor 12 https://github.com/apache/cxf 12 https://github.com/netty/netty 12 https://github.com/cilium/cilium 11 https://github.com/forkcms/forkcms 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/liufee/cms 10 https://github.com/silverstripe/silverstripe-framework 10 https://github.com/containerd/containerd 10 https://github.com/helm/helm 10 https://github.com/vaadin/platform 10 https://github.com/baserproject/basercms 10 https://github.com/jquery/jquery 10 https://github.com/ethereum/go-ethereum 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/greenpau/caddy-security 10 https://github.com/vyperlang/vyper 9 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/mautic/mautic 9 https://github.com/geoserver/geoserver 9 https://github.com/go-gitea/gitea 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/swagger-api/swagger-ui 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/eclipse/jetty.project 8 https://github.com/jupyter/notebook 8 https://github.com/kubeedge/kubeedge 8 https://github.com/intelliants/subrion 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/openfga/openfga 8 https://github.com/moby/moby 8 https://github.com/bcgit/bc-java 8 https://github.com/wallabag/wallabag 8 https://github.com/hashicorp/consul 8 https://github.com/LavaLite/cms 8 https://github.com/directus/directus 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/rubygems/rubygems 8 https://github.com/pandao/editor.md 8 https://github.com/TryGhost/Ghost 8 https://github.com/getgrav/grav 8 https://github.com/contao/contao 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/rack/rack 7 https://github.com/dolibarr/dolibarr 7 https://github.com/laurent22/joplin 7 https://github.com/pyload/pyload 7 https://github.com/modoboa/modoboa 7 https://github.com/vantage6/vantage6 7 https://github.com/gogs/gogs 7 https://github.com/twbs/bootstrap 7 https://github.com/hashicorp/vault 7 https://github.com/kevinpapst/kimai2 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/google/fscrypt 7 https://github.com/ckeditor/ckeditor4 7 https://github.com/wagtail/wagtail 7 https://github.com/opencv/opencv 7 https://github.com/vaadin/flow 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/nahsra/antisamy 7 https://github.com/cubefs/cubefs 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/neorazorx/facturascripts 6 https://github.com/cui2shark/security 6 https://github.com/onionshare/onionshare 6 https://github.com/opensearch-project/security 6 https://github.com/panva/jose 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/backstage/backstage 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/igniterealtime/Openfire 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/traefik/traefik 6 https://github.com/oroinc/orocommerce 6 https://github.com/aio-libs/aiohttp 6 https://github.com/parse-community/parse-server 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/opencast/opencast 6 https://github.com/urllib3/urllib3 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/vercel/next.js 5 https://github.com/Sylius/Sylius 5 https://github.com/dompdf/dompdf 5 https://github.com/apache/lucene-solr 5 https://github.com/lxml/lxml 5 https://github.com/vapor/vapor 5 https://github.com/zendframework/zf1 5 https://github.com/Amanieu/parking_lot 5 https://github.com/unshiftio/url-parse 5 https://github.com/nervosnetwork/ckb 5 https://github.com/puma/puma 5 https://github.com/etcd-io/etcd 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/lief-project/LIEF 5 https://github.com/dotnet/runtime 5 https://github.com/sulu/sulu 5 https://github.com/nodejs/undici 5 https://github.com/cri-o/cri-o 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/NodeBB/NodeBB 5 https://github.com/cloudfoundry/uaa 5 https://github.com/admidio/admidio 5 https://github.com/apache/tika 5 https://github.com/paritytech/frontier 5 https://github.com/kivikakk/comrak 5 https://github.com/numpy/numpy 5 https://github.com/apache/kylin 5 https://github.com/xuxueli/xxl-job 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/cakephp/cakephp 5 https://github.com/mattermost/mattermost 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/umbraco/Umbraco-CMS 5 https://github.com/opencontainers/runc 5 https://github.com/containers/podman 5 https://github.com/ipython/ipython 5 https://github.com/croogo/croogo 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/centreon/centreon-archived 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/superset 5 https://github.com/hyperium/hyper 5 https://github.com/evershopcommerce/evershop 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/openstack/keystone 5 https://github.com/apostrophecms/sanitize-html 4 https://github.com/jenkinsci/active-choices-plugin 4 https://github.com/vega/vega 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/jenkinsci/ansible-plugin 4 https://github.com/jupyter-server/jupyter_server 4 https://github.com/psf/requests 4 https://github.com/keystonejs/keystone 4 https://github.com/codeigniter4/shield 4 https://github.com/rancher/rancher 4 https://github.com/decidim/decidim 4