Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS01bXA0LTMycnItdjN4Nc4AA5Rp
Absolute path traversal vulnerability in digdag server
Ecosystems: maven
Packages: io.digdag:digdag-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ
Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04bTM2LTYycnctOW14d84AA5Pv
mapshaper Path Traversal vulnerability
Ecosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NDd4LTVtNTgtbXE5N84AA5PC
svix vulnerable to Authentication Bypass
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NzZ3LTNwaDgtdm02Ns4AA5Oc
Undertow Path Traversal vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9
Denial of Service in Connect2id Nimbus JOSE+JWT
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zN3ZyLXZtZzQtandwd84AA5MQ
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zaHdjLXJxd3AtdjM2cc4AA5MO
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01ODNnLWc2ODItY3J4Zs4AA5Lp
Micronaut management endpoints vulnerable to drive-by localhost attack
Ecosystems: maven
Packages: io.micronaut:micronaut-http-server-tck, io.micronaut:micronaut-http-server-netty, io.micronaut:micronaut-http-server
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cmY4LWNtcmctNzQzNs4AA5LY
Cross-site scripting (XSS) vulnerability in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4
Liferay Portal denial-of-service vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tcWY4LTRjcW0tcDgzeM4AA5J6
Liferay Portal allows attackers to discover the existence of sites
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2
Liferay Portal's account lockout does not invalidate existing user sessions
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcmZyLW1wZmotMmp3cc4AA5JP
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zeGY4LWc4Z3ItZzdyaM4AA5JO
Graylog session fixation vulnerability through cookie injection
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM
CKEditor cross-site scripting vulnerability in AJAX sample
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH
Liferay Portal denial of service (memory consumption)
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NzI2LTJyeDMtY2d3aM4AA5JB
Apache Ozone Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filter
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Mjc3LXdwcWYtcmNmds4AA5H1
Svix vulnerable to improper comparison of different-length signatures
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05Z3A4LTZjZzgtN2gzNM4AA5Ey
Spring Security's spring-security.xsd file is world writable
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05NDRqLThjaDYtcmY2eM4AA5Ep
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aGhmLXhtY3ctcjN4Z84AA5Ei
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NjQ4LTZnOTYtbWczNc4AA5Eh
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg
1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12aDU1LTc4Nmctd2p3as4AA5C3
.NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.win-x64, System.Security.Cryptography.Xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tZjc0LXFxN3ctNmo3ds4AA5C2
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Nervos CKB Permit load cell data from memory
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
github-slug-action use of `set-env` Runner commands which are processed via stdout
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yOXJ2LTltaDgtcHhmNM4AA5Cj
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xNjY5LTJ2ZmctY3hjZ84AA5CZ
Nervos CKB Unaligned Pointer Dereference
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04amMzLTVwMjktcWdqeM4AA5CY
PHPMailer Local file inclusion
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ybXJxLXc4cHYtNXB2cc4AA5Bn
Malicious input can provoke XSS when preserving comments
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OWY5LWd2NzItZnc5cs4AA4_1
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14dzczLXJ3MzgtNnZqY84AA4_x
Classic builder cache poisoning
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Z3BxLXAyaG0tNTZ2Oc4AA4_r
glance-store logs s3 access keys
Ecosystems: pypi
Packages: glance-store
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--
Hashicorp Vault may expose sensitive log information
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbWY0LWgzeGMtanc4d84AA4-7
Grafana Cross Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zZnd4LXBqZ3ctMzU1OM4AA4-5
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NWdxLXF2anEtOHA1M84AA4-4
Grafana Cross-site Scripting (XSS)
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02ZzJxLXc1ajMtZndoNM4AA4-2
containerd environment variable leak
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0
moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builder
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x
Enumeration of users in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02bTcyLTQ2N3ctOTRyaM4AA4-w
Privilege Escalation in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Grafana Arbitrary File Read
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/tsdb/mysql
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05cDI2LTY5OHItdzRoeM4AA4-t
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p
nodemailer ReDoS when trying to send a specially crafted email
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ocHhyLXc5dzctZzRnds4AA4-o
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Ecosystems: go
Packages: github.com/anchore/stereoscope
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yOXc2LWM1MmctbThqY84AA49-
C5 Firefly III CSV Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to plugins
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01NjI2LXB3OWMtaG1qcs4AA498
OctoPrint Unverified Password Change via Access Control Settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wNTl3LTlncXctd2o4cs4AA497
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yOHhwLTUybXEtcm1tOM4AA49h
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13cjJ2LTlycHEtYzM1cc4AA49D
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00andxLTU3MnctNDM4OM4AA49B
Memory over-allocation in evm crate
Ecosystems: cargo
Packages: evm-core, evm
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jaGg2LXBwd3Etamg5Ms4AA49A
Improper Preservation of Permissions in etcd
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02d2gyLThodzctanc5NM4AA48_
Grafana XSS via adding a link in General feature
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbXEyLWo4djgtMnE0NM4AA48-
Grafana XSS in Dashboard Text Panel
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00NzVnLXZqNmMteGY5Ns4AA481
CrateDB database has an arbitrary file read vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yd2djLTQ4ZzItY2o1d84AA48z
vantage6 has insecure SSH configuration for node and server containers
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14MmMyLXEzMnctNHc2bc4AA48w
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12ODlxLWMyNzMtM3A0Ms4AA48N
Craft CMS Audit Plugin Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: superbig/craft-audit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01aDg2LThtdjItanE5Zs4AA47u
aiohttp is vulnerable to directory traversal
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tcngzLWd4angtaGpxas4AA47t
Authentik vulnerable to PKCE downgrade attack
Ecosystems: go
Packages: goauthentik.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04cXB3LXhxeGotaDRyMs4AA47q
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03bWdnLTNycTItaGZmNM4AA45w
ai-flow Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: ai-flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yeHB3LTg1dnctZng4N84AA45T
OpenFGA denial of service
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Statistics
Advisories: 18,440
Packages: 8,316
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 7,964 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 2,554 packagist 2,155 pypi 1,757 npm 1,062 go 881 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 40 drupal/core 36 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 Plone 30 github.com/mattermost/mattermost-server/v6 30 drupal/drupal 28 intelliants/subrion 27 github.com/mattermost/mattermost/server/v8 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 shopware/platform 18 nilsteampassnet/teampass 18 matrix-synapse 18 remdex/livehelperchat 18 getkirby/cms 17 moin 17 org.apache.tomcat.embed:tomcat-embed-core 16 vyper 15 github.com/argoproj/argo-cd/v2 15 salt 14 yetiforce/yetiforce-crm 14 nova 14 puppet 14 tribalsystems/zenario 14 prestashop/prestashop 14 nokogiri 14 Pillow 13 forkcms/forkcms 13 Django 13 shopware/core 13 org.keycloak:keycloak-services 13 mautic/core 13 com.jfinal:jfinal 13 org.xwiki.platform:xwiki-platform-oldcore 13 io.undertow:undertow-core 13 org.apache.solr:solr-core 12 github.com/goharbor/harbor 12 com.thoughtworks.xstream:xstream 12 org.apache.jspwiki:jspwiki-main 12 github.com/hashicorp/consul 12 tinymce 12 github.com/docker/docker 12 github.com/hashicorp/vault 12 lavalite/cms 11 github.com/cilium/cilium 11 neutron 11 DotNetNuke.Core 11 github.com/hashicorp/nomad 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 org.keycloak:keycloak-parent 11 genix/cms 11 pyftpdlib 11 org.apache.nifi:nifi 10 org.springframework:spring-core 10 org.apache.jspwiki:jspwiki-war 10 activesupport 10 org.springframework.security:spring-security-core 10 PaddlePaddle 10 rack 10 notebook 10 ec-cube/ec-cube 10 github.com/mattermost/mattermost-server 10 github.com/greenpau/caddy-security 10 @openzeppelin/contracts-upgradeable 10 github.com/ethereum/go-ethereum 10 contao/core-bundle 10 github.com/containerd/containerd 10 com.vaadin:vaadin-bom 10 joplin 10 helm.sh/helm/v3 10 wallabag/wallabag 10 typo3/cms-backend 10 francoisjacquet/rosariosis 10 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 fat_free_crm 10 angular 9 publify_core 9 ghost 9 rubygems-update 9 cakephp/cakephp 9 bolt/bolt 9 zendframework/zendframework1 9 ckeditor4 9 org.igniterealtime.openfire:parent 9 directus 9 org.jenkins-ci.plugins:script-security 9 org.opencrx:opencrx-core-models 9 org.mortbay.jetty:jetty 9 swagger-ui 9 code.gitea.io/gitea 9 tinymce/tinymce 9 jquery-rails 9 TinyMCE 9 glance 9 org.jenkins-ci.plugins:git 9 gogs.io/gogs 9 roundup 9 Microsoft.ChakraCore 8 org.apache.archiva:archiva 8 org.bouncycastle:bcprov-jdk14 8 org.apache.activemq:activemq-client 8 silverstripe/cms 8 sylius/sylius 8 rails-html-sanitizer 8 org.jenkins-ci.plugins:electricflow 8 github.com/kubeedge/kubeedge 8 opencv-python 8 opencv-contrib-python 8 bootstrap 8 rails 8 centreon/centreon 8 org.opencms:opencms-core 8 simplesamlphp/simplesamlphp 8 editor.md 8 contao/contao 8 wasmtime 8 github.com/openfga/openfga 8 impresscms/impresscms 8 actionview 8 electron 8 jquery 8 org.webjars.npm:jquery 8 keystone 7 org.opennms:opennms 7 org.jenkins-ci.plugins:email-ext 7 phpmyfaq/phpmyfaq 7 kevinpapst/kimai2 7 validator 7 io.jenkins:configuration-as-code 7 io.jenkins.blueocean:blueocean 7 org.jenkins-ci.plugins:config-file-provider 7 wagtail 7 vantage6 7 com.vaadin:flow-server 7 org.owasp.antisamy:antisamy 7 jQuery 7 github.com/1Panel-dev/1Panel 7 pillow 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 OctoPrint 7 org.apache.james:james-server 7 modoboa 7 pyload-ng 7 org.bouncycastle:bcprov-jdk15 7 github.com/google/fscrypt 7 org.apache.cxf:cxf-core 7 trytond 7 phpbb/phpbb 7 org.jenkins-ci.plugins:subversion 7 org.apache.santuario:xmlsec 7 github.com/moby/moby 7 aiohttp 7 silverstripe/admin 7 next 7 org.bouncycastle:bcprov-jdk15on 7 activerecord 7 admidio/admidio 7 org.cloudfoundry.identity:cloudfoundry-identity-server 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/django/django 50 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/craftcms/cms 21 https://github.com/snipe/snipe-it 20 https://github.com/argoproj/argo-cd 19 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/grafana/grafana 18 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/vyperlang/vyper 15 https://github.com/CVEProject/cvelist 15 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/getkirby/kirby 13 https://github.com/mautic/mautic 13 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/octobercms/october 13 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/contao/contao 11 https://github.com/cilium/cilium 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/containerd/containerd 10 https://github.com/moby/moby 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/ethereum/go-ethereum 10 https://github.com/vaadin/platform 10 https://github.com/greenpau/caddy-security 10 https://github.com/laurent22/joplin 10 https://github.com/jquery/jquery 10 https://github.com/liufee/cms 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/helm/helm 10 https://github.com/baserproject/basercms 10 https://github.com/mattermost/mattermost 10 https://github.com/saltstack/salt 10 https://github.com/publify/publify 9 https://github.com/puppetlabs/puppet 9 https://github.com/geoserver/geoserver 9 https://github.com/apache/nifi 9 https://github.com/electron/electron 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/strapi/strapi 9 https://github.com/github/advisory-database 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/eclipse/jetty.project 8 https://github.com/openfga/openfga 8 https://github.com/LavaLite/cms 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/hashicorp/consul 8 https://github.com/jupyter/notebook 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/kubeedge/kubeedge 8 https://github.com/getgrav/grav 8 https://github.com/TryGhost/Ghost 8 https://github.com/wallabag/wallabag 8 https://github.com/rack/rack 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/bcgit/bc-java 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/directus/directus 8 https://github.com/rubygems/rubygems 8 https://github.com/pandao/editor.md 8 https://github.com/traefik/traefik 7 https://github.com/gogs/gogs 7 https://github.com/google/fscrypt 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/apache/zeppelin 7 https://github.com/hashicorp/vault 7 https://github.com/dolibarr/dolibarr 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/pyload/pyload 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/aio-libs/aiohttp 7 https://github.com/modoboa/modoboa 7 https://github.com/vantage6/vantage6 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/wagtail/wagtail 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/vaadin/flow 7 https://github.com/twbs/bootstrap 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/croogo/croogo 6 https://github.com/opensearch-project/security 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/panva/jose 6 https://github.com/parse-community/parse-server 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/openstack/keystone 6 https://github.com/Sylius/Sylius 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/faucetsdn/ryu 6 https://github.com/dompdf/dompdf 6 https://github.com/urllib3/urllib3 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/cui2shark/security 6 https://github.com/dotnet/runtime 6 https://github.com/oroinc/orocommerce 6 https://github.com/onionshare/onionshare 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/igniterealtime/Openfire 6 https://github.com/cubefs/cubefs 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/neorazorx/facturascripts 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/ipython/ipython 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/sulu/sulu 5 https://github.com/lxml/lxml 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/vercel/next.js 5 https://github.com/quarkusio/quarkus 5 https://github.com/evershopcommerce/evershop 5 https://github.com/numpy/numpy 5 https://github.com/Amanieu/parking_lot 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/lucene-solr 5 https://github.com/hashicorp/nomad 5 https://github.com/vapor/vapor 5 https://github.com/puma/puma 5 https://github.com/etcd-io/etcd 5 https://github.com/cloudfoundry/uaa 5 https://github.com/undertow-io/undertow 5 https://github.com/cakephp/cakephp 5 https://github.com/NodeBB/NodeBB 5 https://github.com/paritytech/frontier 5 https://github.com/admidio/admidio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/centreon/centreon-archived 5 https://github.com/apache/tika 5 https://github.com/apache/kylin 5 https://github.com/opencontainers/runc 5 https://github.com/nodejs/undici 5 https://github.com/hyperium/hyper 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/unshiftio/url-parse 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/semplon/GeniXCMS 5 https://github.com/lief-project/LIEF 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/xuxueli/xxl-job 5 https://github.com/apache/dolphinscheduler 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/zitadel/zitadel 5 https://github.com/bolt/bolt 5 https://github.com/jenkinsci/electricflow-plugin 5