Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oOHd2LTloOTYtbTRocs4AA5eq
Onnx Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1obXg2LXI3NmMtODVnOc4AA5du
Gradio apps vulnerable to timing attacks to guess password
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zOG04LTVnZmMtNjYzZ84AA5c3
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00aGZwLW05Z3YtbTc1M84AA5bO
XWiki extension license information is public, exposing instance id and license holder details
Ecosystems: maven
Packages: com.xwiki.licensing:application-licensing-licensor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oZ3I2LTZoaHctODgzZs4AA5aV
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03cncyLTNoaHAtcmM0Ns4AA5Z0
Cross-site Scripting Vulnerability in Statement Browser
Ecosystems: maven
Packages: com.yetanalytics:lrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00ajkzLWZtOTItcnA0bc4AA5Zy
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02d3I1LWptcHItbWpjeM4AA5Zt
Uncaught Exception in Macro Expecting Native Function to Exist
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04eGZmLTQ3M2gtZjg2M84AA5Zs
Uncaught Exception Handling Parsing Errors on Line Terminators
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr
Unencrypted traffic between pods when using Wireguard and an external kvstore
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Ecosystems: rubygems
Packages: decidim-templates
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12anFjLWc3ODgtZjM3OM4AA5Yg
Session Fixation Apache DolphinScheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy
Cross-Site Request Forgery in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qZnJnLTlocHEtOWh2cM4AA5Xx
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jcDhtLWg3NzctZzRwM84AA5Xw
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv
Improper Handling of Parameters in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Cross-site Scripting in Serenity
Ecosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04aDR4LXh2anAtdmY5Oc4AA5V1
Hazelcast Platform permission checking in CSV File Source connector
Ecosystems: maven
Packages: com.hazelcast:hazelcast, com.hazelcast:hazelcast-enterprise
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undici
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wbWdtLWgzY2MtbTRoas4AA5Va
React Native Document Picker Directory Traversal vulnerability
Ecosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12NTNnLTVnanAtMjcycs4AA5Uj
Helm dependency management path traversal
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01bXA0LTMycnItdjN4Nc4AA5Rp
Absolute path traversal vulnerability in digdag server
Ecosystems: maven
Packages: io.digdag:digdag-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ
Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04bTM2LTYycnctOW14d84AA5Pv
mapshaper Path Traversal vulnerability
Ecosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NDd4LTVtNTgtbXE5N84AA5PC
svix vulnerable to Authentication Bypass
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NzZ3LTNwaDgtdm02Ns4AA5Oc
Undertow Path Traversal vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9
Denial of Service in Connect2id Nimbus JOSE+JWT
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zN3ZyLXZtZzQtandwd84AA5MQ
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zaHdjLXJxd3AtdjM2cc4AA5MO
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01ODNnLWc2ODItY3J4Zs4AA5Lp
Micronaut management endpoints vulnerable to drive-by localhost attack
Ecosystems: maven
Packages: io.micronaut:micronaut-http-server-tck, io.micronaut:micronaut-http-server-netty, io.micronaut:micronaut-http-server
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cmY4LWNtcmctNzQzNs4AA5LY
Cross-site scripting (XSS) vulnerability in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4
Liferay Portal denial-of-service vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tcWY4LTRjcW0tcDgzeM4AA5J6
Liferay Portal allows attackers to discover the existence of sites
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2
Liferay Portal's account lockout does not invalidate existing user sessions
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcmZyLW1wZmotMmp3cc4AA5JP
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zeGY4LWc4Z3ItZzdyaM4AA5JO
Graylog session fixation vulnerability through cookie injection
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM
CKEditor cross-site scripting vulnerability in AJAX sample
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH
Liferay Portal denial of service (memory consumption)
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NzI2LTJyeDMtY2d3aM4AA5JB
Apache Ozone Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filter
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Mjc3LXdwcWYtcmNmds4AA5H1
Svix vulnerable to improper comparison of different-length signatures
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05Z3A4LTZjZzgtN2gzNM4AA5Ey
Spring Security's spring-security.xsd file is world writable
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05NDRqLThjaDYtcmY2eM4AA5Ep
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aGhmLXhtY3ctcjN4Z84AA5Ei
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 2,426
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
maven 2,546 packagist 2,136 pypi 1,653 npm 1,055 go 869 nuget 537 rubygems 372 cargo 260 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 243 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 49 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 39 drupal/core 35 concrete5/concrete5 34 plone 34 showdoc/showdoc 34 librenms/librenms 32 ansible 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 intelliants/subrion 27 symfony/symfony 27 github.com/mattermost/mattermost/server/v8 27 drupal/drupal 27 craftcms/cms 26 com.liferay.portal:release.portal.bom 25 silverstripe/framework 25 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 github.com/grafana/grafana 23 baserproject/basercms 22 Plone 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/shopware 18 rdiffweb 18 shopware/platform 18 remdex/livehelperchat 18 matrix-synapse 18 nilsteampassnet/teampass 18 froxlor/froxlor 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 github.com/argoproj/argo-cd/v2 15 vyper 15 yetiforce/yetiforce-crm 14 nokogiri 14 puppet 14 prestashop/prestashop 14 forkcms/forkcms 13 shopware/core 13 io.undertow:undertow-core 13 mautic/core 13 org.xwiki.platform:xwiki-platform-oldcore 13 com.jfinal:jfinal 13 Pillow 13 org.keycloak:keycloak-services 13 com.thoughtworks.xstream:xstream 12 github.com/hashicorp/vault 12 nova 12 tribalsystems/zenario 12 tinymce 12 org.apache.jspwiki:jspwiki-main 12 github.com/goharbor/harbor 12 github.com/docker/docker 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 github.com/argoproj/argo-cd 11 genix/cms 11 feehi/feehicms 11 github.com/hashicorp/nomad 11 DotNetNuke.Core 11 org.keycloak:keycloak-parent 11 github.com/cilium/cilium 11 getgrav/grav 11 wallabag/wallabag 10 activesupport 10 helm.sh/helm/v3 10 lavalite/cms 10 salt 10 org.eclipse.jetty:jetty-server 10 org.springframework:spring-core 10 neutron 10 @openzeppelin/contracts 10 github.com/greenpau/caddy-security 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 org.springframework.security:spring-security-core 10 notebook 10 ec-cube/ec-cube 10 github.com/mattermost/mattermost-server 10 fat_free_crm 10 @openzeppelin/contracts-upgradeable 10 typo3/cms-backend 10 github.com/containerd/containerd 10 pyftpdlib 10 PaddlePaddle 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 joplin 10 github.com/ethereum/go-ethereum 10 org.jenkins-ci.plugins:git 9 jquery-rails 9 publify_core 9 rubygems-update 9 glance 9 swagger-ui 9 ckeditor4 9 org.igniterealtime.openfire:parent 9 angular 9 gogs.io/gogs 9 TinyMCE 9 tinymce/tinymce 9 code.gitea.io/gitea 9 org.mortbay.jetty:jetty 9 zendframework/zendframework1 9 org.opencrx:opencrx-core-models 9 ghost 9 rack 9 directus 9 cakephp/cakephp 9 Django 8 opencv-python 8 org.apache.activemq:activemq-client 8 rails 8 org.opencms:opencms-core 8 bolt/bolt 8 opencv-contrib-python 8 simplesamlphp/simplesamlphp 8 github.com/openfga/openfga 8 org.bouncycastle:bcprov-jdk14 8 electron 8 Microsoft.ChakraCore 8 wasmtime 8 editor.md 8 contao/contao 8 org.jenkins-ci.plugins:script-security 8 github.com/kubeedge/kubeedge 8 centreon/centreon 8 bootstrap 8 impresscms/impresscms 8 actionview 8 org.apache.archiva:archiva 8 rails-html-sanitizer 8 org.jenkins-ci.plugins:electricflow 8 silverstripe/cms 8 org.webjars.npm:jquery 8 jquery 8 github.com/moby/moby 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 org.bouncycastle:bcprov-jdk15 7 org.jenkins-ci.plugins:config-file-provider 7 silverstripe/admin 7 validator 7 org.apache.cxf:cxf-core 7 org.apache.james:james-server 7 aiohttp 7 github.com/google/fscrypt 7 io.jenkins.blueocean:blueocean 7 org.owasp.antisamy:antisamy 7 wagtail 7 phpmyfaq/phpmyfaq 7 pyload-ng 7 sylius/sylius 7 org.opennms:opennms 7 com.vaadin:flow-server 7 vantage6 7 phpbb/phpbb 7 OctoPrint 7 org.jenkins-ci.plugins:email-ext 7 activerecord 7 jQuery 7 modoboa 7 org.bouncycastle:bcprov-jdk15on 7 kevinpapst/kimai2 7 org.jenkins-ci.plugins:subversion 7 org.apache.santuario:xmlsec 7 next 7 jquery-ui-rails 7 jquery-ui 7 admidio/admidio 7 moin 7 io.jenkins:configuration-as-code 7 org.jenkins-ci.plugins:azure-vm-agents 6 github.com/traefik/traefik/v2 6 org.apache.pdfbox:pdfbox 6 marked 6 org.jenkins-ci.plugins:jobConfigHistory 6 cockpit-hq/cockpit 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 28 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/concretecms/concretecms 19 https://github.com/argoproj/argo-cd 19 https://github.com/apache/activemq 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/livehelperchat/livehelperchat 18 https://github.com/ikus060/rdiffweb 18 https://github.com/grafana/grafana 18 https://github.com/matrix-org/synapse 17 https://github.com/python-pillow/Pillow 17 https://github.com/apache/struts 17 https://github.com/shopware/platform 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/CVEProject/cvelist 15 https://github.com/vyperlang/vyper 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/froxlor/froxlor 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/getkirby/kirby 13 https://github.com/mautic/mautic 13 https://github.com/octobercms/october 13 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/netty/netty 12 https://github.com/apache/cxf 12 https://github.com/tinymce/tinymce 12 https://github.com/goharbor/harbor 12 https://github.com/PrestaShop/PrestaShop 11 https://github.com/forkcms/forkcms 11 https://github.com/cilium/cilium 11 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/jquery/jquery 10 https://github.com/containerd/containerd 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/liufee/cms 10 https://github.com/vaadin/platform 10 https://github.com/ethereum/go-ethereum 10 https://github.com/baserproject/basercms 10 https://github.com/greenpau/caddy-security 10 https://github.com/helm/helm 10 https://github.com/laurent22/joplin 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/moby/moby 10 https://github.com/mattermost/mattermost 10 https://github.com/github/advisory-database 9 https://github.com/electron/electron 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/apache/nifi 9 https://github.com/geoserver/geoserver 9 https://github.com/strapi/strapi 9 https://github.com/publify/publify 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/puppetlabs/puppet 9 https://github.com/LavaLite/cms 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/openfga/openfga 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/hashicorp/consul 8 https://github.com/pandao/editor.md 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/rubygems/rubygems 8 https://github.com/directus/directus 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/TryGhost/Ghost 8 https://github.com/eclipse/jetty.project 8 https://github.com/wallabag/wallabag 8 https://github.com/getgrav/grav 8 https://github.com/hashicorp/vault 7 https://github.com/modoboa/modoboa 7 https://github.com/pyload/pyload 7 https://github.com/google/fscrypt 7 https://github.com/apache/zeppelin 7 https://github.com/twbs/bootstrap 7 https://github.com/traefik/traefik 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/aio-libs/aiohttp 7 https://github.com/nahsra/antisamy 7 https://github.com/dolibarr/dolibarr 7 https://github.com/gogs/gogs 7 https://github.com/saltstack/salt 7 https://github.com/opencv/opencv 7 https://github.com/vaadin/flow 7 https://github.com/rack/rack 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/wagtail/wagtail 7 https://github.com/kevinpapst/kimai2 7 https://github.com/cui2shark/security 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/igniterealtime/Openfire 6 https://github.com/opensearch-project/security 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/cloudflare/cfrpki 6 https://github.com/croogo/croogo 6 https://github.com/opencast/opencast 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/panva/jose 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/dompdf/dompdf 6 https://github.com/parse-community/parse-server 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/onionshare/onionshare 6 https://github.com/dotnet/runtime 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/backstage/backstage 6 https://github.com/neorazorx/facturascripts 6 https://github.com/urllib3/urllib3 6 https://github.com/jquery/jquery-ui 6 https://github.com/containers/podman 6 https://github.com/cubefs/cubefs 6 https://github.com/cloudfoundry/uaa 5 https://github.com/admidio/admidio 5 https://github.com/Amanieu/parking_lot 5 https://github.com/bolt/bolt 5 https://github.com/hashicorp/nomad 5 https://github.com/kivikakk/comrak 5 https://github.com/lxml/lxml 5 https://github.com/sulu/sulu 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/vapor/vapor 5 https://github.com/hyperium/hyper 5 https://github.com/centreon/centreon-archived 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/undertow-io/undertow 5 https://github.com/Sylius/Sylius 5 https://github.com/cakephp/cakephp 5 https://github.com/apache/tika 5 https://github.com/openstack/keystone 5 https://github.com/unshiftio/url-parse 5 https://github.com/paritytech/frontier 5 https://github.com/yiisoft/yii2 5 https://github.com/lief-project/LIEF 5 https://github.com/nervosnetwork/ckb 5 https://github.com/numpy/numpy 5 https://github.com/etcd-io/etcd 5 https://github.com/apache/lucene-solr 5 https://github.com/puma/puma 5 https://github.com/d4wner/Vulnerabilities-Report 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/dolphinscheduler 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/nodejs/undici 5 https://github.com/apache/superset 5 https://github.com/semplon/GeniXCMS 5 https://github.com/ipython/ipython 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/evershopcommerce/evershop 5 https://github.com/apache/kylin 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/xuxueli/xxl-job 5 https://github.com/quarkusio/quarkus 5 https://github.com/vercel/next.js 5