Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ydjRoLW00d2Mtdjk5d84AA5r9
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Apache Ambari: Various Cross site scripting problems
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mZmZnLWN3YzkteHZqN84AA5rI
mongo-express Cross-site Request Forgery vulnerability
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02anZnLWhwMjUtNDJmNs4AA5rD
Nteract Remote Code Execution vulnerability
Ecosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1od2pmLTQ2NjctZ3F3eM4AA5qF
Mattermost allows attackers access to posts in channels they are not a member of
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji value
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wZnc2LTVyeDMteGgzY84AA5p-
Mattermost fails to check the "invite_guest" permission
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03djN2LTk4NHYtaDc0cs4AA5p_
Mattermost leaks details of AD/LDAP groups of a teams
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1meDQ4LXh2NnEtNmdwM84AA5p9
Mattermost post fetching without auditing in compliance export
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12cjY0LXI5cWotaDI3Zs4AA5o_
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Ecosystems: maven
Packages: org.clojure:clojure
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03NXgyLTZoNG0taDZteM4AA5oj
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Ecosystems: nuget
Packages: FullStackHero.WebAPI.Boilerplate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02cXZ3LTI0OWotaDQ0Y84AA5mp
jose4j denial of service via specifically crafted JWE
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mcXhqLTQ2d2ctOXY4NM4AA5l0
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13cjZnLTl3Y3ItY21xas4AA5le
Apache Superset: Improper data authorization when creating a new dataset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zdjlyLTg4NWotNzYyZ84AA5lb
Apache Superset: Improper authorization validation on dashboards and charts import
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNmptLTN2MzgtNzZqNM4AA5la
Apache Superset: Improper Neutralization of custom SQL on embedded context
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01NDc0LWY3ZzUtMjczcc4AA5ld
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oN3I2LThxbW0taGo1cs4AA5lZ
Apache Superset: Improper error handling on alerts
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aDIyLThjZjctaHE2Z84AA5jP
Rails has possible Sensitive Session Information Leak in Active Storage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qdzdyLXJ4ZmYtZ3YyNM4AA5if
Apache James MIME4J improper input validation vulnerability
Ecosystems: maven
Packages: org.apache.james:apache-mime4j-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xcnA5LTIzcDctZzVtZs4AA5ic
Apache Ambari XML External Entity injection
Ecosystems: maven
Packages: org.apache.ambari.contrib.views:wfmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNHFoLThweHctcjQ4cc4AA5iX
Subrion CMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Subrion CMS vulnerable to SQL Injection
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12ZjdqLWNtcmotcG1tbc4AA5iJ
ZenML Server Remote Privilege Escalation Vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wNXE5LTg2dzQtMnhyNc4AA5iD
SMTP smuggling in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1weDd3LWM5Z3ctN2dqM84AA5hU
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerability
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cDdxLWZqZnctdjNnZs4AA5gw
Bagisto Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02NzJyLTk3cjctdngycc4AA5gJ
pretix mishandles file validation
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oOHd2LTloOTYtbTRocs4AA5eq
Onnx Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1obXg2LXI3NmMtODVnOc4AA5du
Gradio apps vulnerable to timing attacks to guess password
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zOG04LTVnZmMtNjYzZ84AA5c3
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00aGZwLW05Z3YtbTc1M84AA5bO
XWiki extension license information is public, exposing instance id and license holder details
Ecosystems: maven
Packages: com.xwiki.licensing:application-licensing-licensor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oZ3I2LTZoaHctODgzZs4AA5aV
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cncyLTNoaHAtcmM0Ns4AA5Z0
Cross-site Scripting Vulnerability in Statement Browser
Ecosystems: maven
Packages: com.yetanalytics:lrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00ajkzLWZtOTItcnA0bc4AA5Zy
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02d3I1LWptcHItbWpjeM4AA5Zt
Uncaught Exception in Macro Expecting Native Function to Exist
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04eGZmLTQ3M2gtZjg2M84AA5Zs
Uncaught Exception Handling Parsing Errors on Line Terminators
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr
Unencrypted traffic between pods when using Wireguard and an external kvstore
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Ecosystems: rubygems
Packages: decidim-templates
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12anFjLWc3ODgtZjM3OM4AA5Yg
Session Fixation Apache DolphinScheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qZnJnLTlocHEtOWh2cM4AA5Xx
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv
Improper Handling of Parameters in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy
Cross-Site Request Forgery in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jcDhtLWg3NzctZzRwM84AA5Xw
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Cross-site Scripting in Serenity
Ecosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
Statistics
Advisories: 17,439
Packages: 8,108
Repositories: 2,363
Ecosystems: 12
Filter by Severity
Moderate 7,458 High 6,088 Critical 2,659 Low 953
Filter by Ecosystem
maven 2,531 packagist 1,834 pypi 1,609 npm 1,044 go 837 nuget 417 rubygems 371 cargo 259 hex 14 swift 12 pub 3 actions 3
Filter by Package
tensorflow 207 moodle/moodle 193 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 93 pimcore/pimcore 83 microweber/microweber 62 typo3/cms 61 django 54 apache-airflow 51 typo3/cms-core 49 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 39 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 31 plone 30 dolibarr/dolibarr 30 github.com/mattermost/mattermost-server/v6 30 ansible 28 phpmyadmin/phpmyadmin 28 org.keycloak:keycloak-core 27 github.com/mattermost/mattermost/server/v8 27 com.liferay.portal:release.portal.bom 25 org.elasticsearch:elasticsearch 24 craftcms/cms 24 snipe/snipe-it 24 github.com/grafana/grafana 23 symfony/symfony 23 baserproject/basercms 22 Plone 22 intelliants/subrion 21 silverstripe/framework 21 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 19 grumpydictator/firefly-iii 19 remdex/livehelperchat 18 shopware/platform 18 shopware/shopware 18 rdiffweb 18 matrix-synapse 17 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 15 froxlor/froxlor 15 github.com/argoproj/argo-cd/v2 14 yetiforce/yetiforce-crm 14 puppet 14 nokogiri 14 drupal/core 13 com.jfinal:jfinal 13 org.keycloak:keycloak-parent 13 Pillow 13 forkcms/forkcms 13 shopware/core 13 org.xwiki.platform:xwiki-platform-oldcore 13 io.undertow:undertow-core 13 prestashop/prestashop 13 tinymce 12 mautic/core 12 github.com/goharbor/harbor 12 org.apache.jspwiki:jspwiki-main 12 org.apache.solr:solr-core 12 tribalsystems/zenario 12 github.com/hashicorp/consul 12 github.com/hashicorp/vault 12 com.thoughtworks.xstream:xstream 12 nova 12 github.com/cilium/cilium 11 DotNetNuke.Core 11 github.com/hashicorp/nomad 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 contao/core-bundle 10 org.eclipse.jetty:jetty-server 10 org.apache.jspwiki:jspwiki-war 10 francoisjacquet/rosariosis 10 @openzeppelin/contracts-upgradeable 10 @openzeppelin/contracts 10 PaddlePaddle 10 fat_free_crm 10 github.com/containerd/containerd 10 lavalite/cms 10 github.com/greenpau/caddy-security 10 wallabag/wallabag 10 typo3/cms-backend 10 pyftpdlib 10 org.springframework:spring-core 10 neutron 10 org.springframework.security:spring-security-core 10 activesupport 10 org.apache.nifi:nifi 10 helm.sh/helm/v3 10 com.vaadin:vaadin-bom 10 github.com/ethereum/go-ethereum 10 notebook 10 TinyMCE 9 publify_core 9 tinymce/tinymce 9 org.igniterealtime.openfire:parent 9 angular 9 org.opencrx:opencrx-core-models 9 getgrav/grav 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 vyper 9 github.com/docker/docker 9 swagger-ui 9 ckeditor4 9 rubygems-update 9 gogs.io/gogs 9 jquery-rails 9 org.jenkins-ci.plugins:git 9 directus 9 glance 9 nilsteampassnet/teampass 9 rack 9 ghost 9 Microsoft.ChakraCore 8 wasmtime 8 rails-html-sanitizer 8 opencv-python 8 opencv-contrib-python 8 org.jenkins-ci.plugins:electricflow 8 org.opencms:opencms-core 8 actionview 8 zendframework/zendframework1 8 Django 8 impresscms/impresscms 8 editor.md 8 org.apache.archiva:archiva 8 rails 8 org.webjars.npm:jquery 8 jquery 8 org.jenkins-ci.plugins:script-security 8 bootstrap 8 electron 8 org.apache.activemq:activemq-client 8 centreon/centreon 8 org.bouncycastle:bcprov-jdk14 8 drupal/drupal 8 github.com/openfga/openfga 8 silverstripe/cms 8 github.com/kubeedge/kubeedge 8 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 org.bouncycastle:bcprov-jdk15on 7 io.jenkins.blueocean:blueocean 7 activerecord 7 pyload-ng 7 next 7 vantage6 7 kevinpapst/kimai2 7 io.jenkins:configuration-as-code 7 OctoPrint 7 org.apache.james:james-server 7 phpmyfaq/phpmyfaq 7 validator 7 contao/contao 7 org.owasp.antisamy:antisamy 7 joplin 7 org.opennms:opennms 7 com.vaadin:flow-server 7 org.apache.cxf:cxf-core 7 wagtail 7 jQuery 7 org.jenkins-ci.plugins:email-ext 7 github.com/mattermost/mattermost-server 7 org.bouncycastle:bcprov-jdk15 7 modoboa 7 jquery-ui 7 silverstripe/admin 7 org.keycloak:keycloak-services 7 org.apache.santuario:xmlsec 7 jquery-ui-rails 7 org.jenkins-ci.plugins:subversion 7 org.jenkins-ci.plugins:config-file-provider 7 github.com/google/fscrypt 7 admidio/admidio 7 cockpit-hq/cockpit 6 marked 6 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 6 github.com/cosmos/cosmos-sdk 6 onionshare-cli 6 io.netty:netty 6 org.apache.poi:poi 6 facturascripts/facturascripts 6 url-parse 6 org.jenkins-ci.plugins:openshift-deployer 6 urllib3 6 org.cloudfoundry.identity:cloudfoundry-identity-server 6 magento/core 6 sanitize-html 6 github.com/cubefs/cubefs 6 github.com/moby/moby 6 parse-server 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 80 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 51 https://github.com/apache/airflow 49 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/TYPO3/typo3 32 https://github.com/librenms/librenms 29 https://github.com/kubernetes/kubernetes 27 https://github.com/plone/Products.CMFPlone 26 https://github.com/ansible/ansible 23 https://github.com/spring-projects/spring-framework 21 https://github.com/answerdev/answer 21 https://github.com/snipe/snipe-it 20 https://github.com/craftcms/cms 20 https://github.com/apache/activemq 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/concretecms/concretecms 19 https://github.com/keycloak/keycloak 18 https://github.com/ikus060/rdiffweb 18 https://github.com/argoproj/argo-cd 18 https://github.com/symfony/symfony 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/grafana/grafana 18 https://github.com/matrix-org/synapse 17 https://github.com/apache/struts 17 https://github.com/shopware/platform 17 https://github.com/magento/magento2 16 https://github.com/python-pillow/Pillow 16 https://github.com/shopware/shopware 16 https://github.com/CVEProject/cvelist 15 https://github.com/froxlor/froxlor 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/phpmyadmin/phpmyadmin 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/octobercms/october 13 https://github.com/Dolibarr/dolibarr 13 https://github.com/x-stream/xstream 13 https://github.com/getkirby/kirby 13 https://github.com/netty/netty 12 https://github.com/goharbor/harbor 12 https://github.com/tinymce/tinymce 12 https://github.com/mautic/mautic 12 https://github.com/apache/cxf 12 https://github.com/PrestaShop/PrestaShop 11 https://github.com/cilium/cilium 11 https://github.com/forkcms/forkcms 11 https://github.com/containerd/containerd 10 https://github.com/contao/contao 10 https://github.com/vaadin/platform 10 https://github.com/ethereum/go-ethereum 10 https://github.com/liufee/cms 10 https://github.com/jquery/jquery 10 https://github.com/helm/helm 10 https://github.com/baserproject/basercms 10 https://github.com/silverstripe/silverstripe-framework 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/greenpau/caddy-security 10 https://github.com/github/advisory-database 9 https://github.com/go-gitea/gitea 9 https://github.com/publify/publify 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/apache/nifi 9 https://github.com/puppetlabs/puppet 9 https://github.com/strapi/strapi 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/geoserver/geoserver 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/electron/electron 9 https://github.com/vyperlang/vyper 9 https://github.com/swagger-api/swagger-ui 8 https://github.com/intelliants/subrion 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/pandao/editor.md 8 https://github.com/rubygems/rubygems 8 https://github.com/bcgit/bc-java 8 https://github.com/LavaLite/cms 8 https://github.com/moby/moby 8 https://github.com/openfga/openfga 8 https://github.com/jupyter/notebook 8 https://github.com/kubeedge/kubeedge 8 https://github.com/hashicorp/consul 8 https://github.com/getgrav/grav 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/wallabag/wallabag 8 https://github.com/eclipse/jetty.project 8 https://github.com/TryGhost/Ghost 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/directus/directus 8 https://github.com/google/fscrypt 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/traefik/traefik 7 https://github.com/mattermost/mattermost 7 https://github.com/pyload/pyload 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/dolibarr/dolibarr 7 https://github.com/twbs/bootstrap 7 https://github.com/ckeditor/ckeditor4 7 https://github.com/gogs/gogs 7 https://github.com/vantage6/vantage6 7 https://github.com/nahsra/antisamy 7 https://github.com/wagtail/wagtail 7 https://github.com/laurent22/joplin 7 https://github.com/rack/rack 7 https://github.com/hashicorp/vault 7 https://github.com/kevinpapst/kimai2 7 https://github.com/apache/zeppelin 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vaadin/flow 7 https://github.com/modoboa/modoboa 7 https://github.com/opencv/opencv 7 https://github.com/aio-libs/aiohttp 6 https://github.com/panva/jose 6 https://github.com/parse-community/parse-server 6 https://github.com/backstage/backstage 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/opensearch-project/security 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/cubefs/cubefs 6 https://github.com/urllib3/urllib3 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/igniterealtime/Openfire 6 https://github.com/oroinc/orocommerce 6 https://github.com/neorazorx/facturascripts 6 https://github.com/cui2shark/security 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/onionshare/onionshare 6 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/kivikakk/comrak 5 https://github.com/admidio/admidio 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lxml/lxml 5 https://github.com/Sylius/Sylius 5 https://github.com/numpy/numpy 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/vapor/vapor 5 https://github.com/vercel/next.js 5 https://github.com/lief-project/LIEF 5 https://github.com/cakephp/cakephp 5 https://github.com/undertow-io/undertow 5 https://github.com/apache/lucene-solr 5 https://github.com/unshiftio/url-parse 5 https://github.com/apache/tika 5 https://github.com/openstack/keystone 5 https://github.com/centreon/centreon-archived 5 https://github.com/paritytech/frontier 5 https://github.com/Amanieu/parking_lot 5 https://github.com/nervosnetwork/ckb 5 https://github.com/sulu/sulu 5 https://github.com/cri-o/cri-o 5 https://github.com/dotnet/runtime 5 https://github.com/etcd-io/etcd 5 https://github.com/containers/podman 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/NodeBB/NodeBB 5 https://github.com/dompdf/dompdf 5 https://github.com/apache/superset 5 https://github.com/evershopcommerce/evershop 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/kylin 5 https://github.com/nodejs/undici 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/croogo/croogo 5 https://github.com/ipython/ipython 5 https://github.com/umbraco/Umbraco-CMS 5 https://github.com/opencontainers/runc 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/xuxueli/xxl-job 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 4 https://github.com/jenkinsci/active-directory-plugin 4 https://github.com/zendframework/zf1 4 https://github.com/jenkinsci/xldeploy-plugin 4 https://github.com/pyca/cryptography 4 https://github.com/denoland/deno 4 https://github.com/jenkinsci/fortify-plugin 4 https://github.com/rancher/rancher 4 https://github.com/nextauthjs/next-auth 4