Browse Security Advisories
Moderate Security Advisories from github Clear Filters
Moderate
about 16 hours ago
praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}
pypi
praisonai-platform
Moderate
about 17 hours ago
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
cargo
rattler
Moderate
3 days ago
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
pypi
praisonai-platform
Moderate
3 days ago
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
pypi
PraisonAI, praisonaiagents
Moderate
3 days ago
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
pypi
PraisonAI, praisonaiagents
Moderate
3 days ago
Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
go
github.com/nezhahq/nezha
Moderate
3 days ago
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
packagist
admidio/admidio
Moderate
3 days ago
Admidio writes session IDs and auto-login cookie values to application logs
packagist
admidio/admidio
Moderate
3 days ago
Admidio PKCS#12 private key export action lacks CSRF protection
packagist
admidio/admidio
Moderate
3 days ago
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
packagist
admidio/admidio
Moderate
3 days ago
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
packagist
admidio/admidio
Moderate
3 days ago
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
packagist
admidio/admidio
Moderate
3 days ago
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
packagist
admidio/admidio
Moderate
3 days ago
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
packagist
admidio/admidio
Moderate
3 days ago
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
packagist
symfony/twilio-notifier, symfony/symfony
Moderate
3 days ago
zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
pypi
zeroconf
Moderate
3 days ago
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
pypi
zeroconf
Moderate
3 days ago
zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
pypi
zeroconf
Moderate
3 days ago
Nerdbank.MessagePack has a memory amplification DoS in collection deserialization
nuget
Nerdbank.MessagePack
Moderate
3 days ago
Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection
swift
github.com/sparkle-project/Sparkle
Moderate
3 days ago
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
swift
github.com/sparkle-project/Sparkle
Moderate
3 days ago
go-git: Malformed Git object data may cause panics or resource exhaustion
go
github.com/go-git/go-git/v6, github.com/go-git/go-git/v5
Moderate
3 days ago
russh server userauth state is not reset when authentication principal changes
cargo
russh
Moderate
3 days ago
uv is vulnerable to arbitrary file write through entry point names
cargo, pypi
uv
Moderate
3 days ago
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
npm
parse-server
Moderate
3 days ago
astral-tokio-tar has a PAX Header Desynchronization issue
cargo
astral-tokio-tar
Moderate
3 days ago
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
cargo
unbounded-spsc
Moderate
3 days ago
CAPM3 vulnerable to Cross-Namespace resource access
go
github.com/metal3-io/cluster-api-provider-metal3
Moderate
4 days ago
IPAM controller service account granted unnecessary full access to Secrets
go
github.com/metal3-io/ip-address-manager
Moderate
4 days ago
Ironic Standalone Operator's controller modifies user-owned resources without consent
go
github.com/metal3-io/ironic-standalone-operator
Moderate
4 days ago
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
go
github.com/metal3-io/ironic-standalone-operator
Moderate
4 days ago
ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
npm
exifreader
Moderate
4 days ago
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
npm
@nuxt/nitro-server, nuxt
Moderate
4 days ago
axios has DoS & Header Injection via Prototype Pollution Read-Side Gadgets in axios merge functions
npm
axios
Moderate
4 days ago
FUXA provides guest and invalid-token access to protected read APIs in secure mode
npm
fuxa-server
Moderate
4 days ago
Shamefile has an arbitrary file read via shamefile.yaml in shame next
cargo, npm, pypi
shamefile
Moderate
4 days ago
OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
go
github.com/openbao/openbao
Moderate
5 days ago
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
pypi
compliance-trestle
Moderate
5 days ago
OpenBao's Inline Auth Incorrectly Redacted Headers
go
github.com/openbao/openbao
Moderate
5 days ago
compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
pypi
compliance-trestle
Moderate
5 days ago
Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
packagist
symfony/symfony, symfony/mailtrap-mailer
Moderate
5 days ago
Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
packagist
symfony/mailjet-mailer, symfony/symfony, symfony/lox24-notifier
Moderate
5 days ago
opentelemetry-go's baggage parsing no longer caps raw header length
go
go.opentelemetry.io/otel/propagation, go.opentelemetry.io/otel/baggage
Moderate
5 days ago
Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
go
github.com/projectcapsule/capsule
Moderate
5 days ago
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
packagist
pimcore/pimcore
Moderate
5 days ago
AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
pypi
asyncssh
Moderate
5 days ago
Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
packagist
symfony/symfony, symfony/security-http, symfony/http-kernel
Moderate
5 days ago
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
packagist
symfony/symfony, symfony/security-http
Moderate
5 days ago
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
packagist
symfony/symfony, symfony/cache
Moderate
5 days ago
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
packagist
symfony/symfony, symfony/mime
Moderate
5 days ago
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
packagist
symfony/symfony, symfony/security-http
Moderate
5 days ago
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
packagist
symfony/symfony, symfony/mailer
Moderate
5 days ago
Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
packagist
symfony/symfony, symfony/html-sanitizer
Moderate
5 days ago
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
packagist
symfony/symfony, symfony/html-sanitizer
Moderate
5 days ago
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
go
github.com/crowdsecurity/crowdsec
Moderate
6 days ago
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
packagist
getkirby/cms
Moderate
6 days ago
Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
packagist
symfony/symfony, symfony/routing
Moderate
6 days ago
@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects
npm
@hapi/wreck
Moderate
6 days ago
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
npm
liquidjs
Moderate
6 days ago
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
npm
liquidjs
Moderate
6 days ago
LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
npm
liquidjs
Moderate
6 days ago
Yamcs has No Rate Limiting on Authentication Endpoint
maven
org.yamcs:yamcs-core
Moderate
6 days ago
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
maven
org.yamcs:yamcs-core
Moderate
6 days ago
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
rubygems
carrierwave
Moderate
6 days ago
Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations
go
github.com/kata-containers/kata-containers
Moderate
6 days ago
Kirby CMS's `pages.access` permission is not checked during rendering of page drafts
packagist
getkirby/cms
Moderate
6 days ago
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
maven
io.netty.incubator:netty-incubator-codec-ohttp
Moderate
6 days ago
XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
maven
org.xwiki.platform:xwiki-platform-webjars-api
Moderate
6 days ago
CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS
npm
cryptpad
Moderate
7 days ago
Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers
npm
@typebot.io/js
Moderate
10 days ago
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
go
github.com/nezhahq/nezha
Moderate
10 days ago
instagrapi: Unsafe signup challenge path handling in instagrapi
pypi
instagrapi
Moderate
10 days ago
Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
go
github.com/nezhahq/nezha
Moderate
11 days ago
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
pypi
Flask-Security-Too
Moderate
11 days ago
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
nuget
Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
11 days ago
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
nuget
Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
11 days ago
ImageMagick: Race Condition in distributed pixel cache server can result in file descriptor hijacking
nuget
Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
11 days ago
ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
nuget
Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
11 days ago
ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix
nuget
Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Moderate
11 days ago
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
pypi
pydantic-ai-slim, pydantic-ai
Moderate
11 days ago
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
cargo
onenote_parser
Moderate
11 days ago
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
packagist
twig/twig
Moderate
11 days ago
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
packagist
twig/twig
Moderate
11 days ago
@hulumi/baseline: CloudTrail selector tampering events were not fully detected
npm
@hulumi/baseline
Moderate
11 days ago
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
nuget
Umbraco.Cms
Moderate
11 days ago
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
npm
nocodb
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
3,560
packagist
3,505
pypi
2,513
npm
2,236
go
2,000
nuget
1,795
cargo
544
rubygems
465
hex
24
swift
18
actions
15
pub
2
Filter by Package
moodle/moodle
318
openclaw
274
tensorflow
200
magento/community-edition
192
tensorflow-cpu
191
tensorflow-gpu
188
org.jenkins-ci.main:jenkins-core
152
github.com/mattermost/mattermost/server/v8
127
typo3/cms
125
com.liferay.portal:release.portal.bom
114
github.com/mattermost/mattermost-server
110
org.apache.tomcat:tomcat
100
pimcore/pimcore
91
com.liferay.portal:release.dxp.bom
81
Magick.NET-Q16-AnyCPU
75
Magick.NET-Q16-HDRI-AnyCPU
75
Magick.NET-Q16-HDRI-x86
73
Magick.NET-Q16-HDRI-x64
72
microweber/microweber
72
Magick.NET-Q16-HDRI-OpenMP-arm64
72
Magick.NET-Q16-HDRI-arm64
72
typo3/cms-core
71
Magick.NET-Q16-x86
71
Magick.NET-Q16-OpenMP-arm64
71
wwbn/avideo
70
Magick.NET-Q16-OpenMP-x64
70
Magick.NET-Q8-AnyCPU
70
Magick.NET-Q16-arm64
69
Magick.NET-Q8-OpenMP-arm64
66
silverstripe/framework
66
Magick.NET-Q8-x86
66
Magick.NET-Q16-x64
65
Magick.NET-Q8-arm64
65
Magick.NET-Q8-OpenMP-x64
64
thorsten/phpmyfaq
63
Magick.NET-Q8-x64
63
apache-airflow
60
magento/project-community-edition
59
phpmyadmin/phpmyadmin
56
dolibarr/dolibarr
56
github.com/usememos/memos
54
Magick.NET-Q16-HDRI-OpenMP-x64
54
craftcms/cms
54
librenms/librenms
53
concrete5/concrete5
52
drupal/core
51
apache-superset
47
mantisbt/mantisbt
46
symfony/symfony
44
Django
44
Magick.NET-Q16-OpenMP-x86
43
actionpack
42
drupal/drupal
38
parse-server
37
picklescan
37
open-webui
36
showdoc/showdoc
35
org.elasticsearch:elasticsearch
35
github.com/grafana/grafana
34
directus
34
org.keycloak:keycloak-services
34
n8n
32
snipe/snipe-it
32
admidio/admidio
32
org.keycloak:keycloak-core
32
plone
29
nova
29
baserproject/basercms
29
github.com/mattermost/mattermost-server/v6
29
intelliants/subrion
28
getgrav/grav
28
ansible
27
moin
27
mautic/core
27
rack
26
shopware/platform
26
k8s.io/kubernetes
25
getkirby/cms
25
coreutils
25
Plone
24
nocodb
23
froxlor/froxlor
23
next
23
github.com/cilium/cilium
22
hono
22
phpmyfaq/phpmyfaq
22
github.com/hashicorp/vault
22
gradio
21
shopware/core
21
wasmtime
21
pypdf
21
grumpydictator/firefly-iii
21
matrix-synapse
21
nilsteampassnet/teampass
21
DotNetNuke.Core
21
code.vikunja.io/api
21
github.com/answerdev/answer
21
flowise
21
django
20
github.com/traefik/traefik/v2
20
mediawiki/core
20
github.com/traefik/traefik/v3
19
org.apache.struts:struts2-core
19
electron
19
shopware/shopware
19
vllm
19
github.com/openfga/openfga
19
pyload-ng
18
remdex/livehelperchat
18
org.apache.tomcat.embed:tomcat-embed-core
18
code.gitea.io/gitea
18
github.com/docker/docker
18
gogs.io/gogs
18
contao/core-bundle
18
salt
17
github.com/argoproj/argo-cd/v2
17
prestashop/prestashop
17
org.opencms:opencms-core
17
aiohttp
17
github.com/hashicorp/consul
17
zendframework/zendframework1
16
github.com/hashicorp/nomad
16
rdiffweb
16
statamic/cms
16
io.undertow:undertow-core
16
org.springframework.security:spring-security-core
15
glance
15
vyper
15
org.xwiki.platform:xwiki-platform-oldcore
15
yetiforce/yetiforce-crm
15
github.com/fleetdm/fleet/v4
15
org.apache.jspwiki:jspwiki-main
15
github.com/siyuan-note/siyuan/kernel
15
com.liferay.portal:com.liferay.portal.impl
15
wagtail
14
feehi/feehicms
14
weblate
14
axios
14
feehi/cms
14
tinymce
14
nokogiri
14
activesupport
14
github.com/goharbor/harbor
14
puppet
14
ghost
13
Umbraco.Cms
13
typo3/cms-backend
13
helm.sh/helm/v3
13
sylius/sylius
13
forkcms/forkcms
13
dompurify
13
com.jfinal:jfinal
13
github.com/ethereum/go-ethereum
13
tribalsystems/zenario
13
svelte
13
transformers
13
com.thoughtworks.xstream:xstream
13
keystone
12
ec-cube/ec-cube
12
vite
12
github.com/containerd/containerd
12
@openzeppelin/contracts-upgradeable
12
github.com/rancher/rancher
12
facturascripts/facturascripts
12
phpoffice/phpspreadsheet
12
lavalite/cms
12
simplesamlphp/simplesamlphp
12
roundup
12
wallabag/wallabag
12
org.bouncycastle:bcprov-jdk15on
12
@openzeppelin/contracts
12
tinymce/tinymce
11
genix/cms
11
ckeditor4
11
OctoPrint
11
nicegui
11
TinyMCE
11
surrealdb
11
craftcms/commerce
11
github.com/argoproj/argo-cd
11
ci4-cms-erp/ci4ms
11
kubevirt.io/kubevirt
11
github.com/zitadel/zitadel
11
github.com/traefik/traefik
11
renovate
11
ckan
11
org.keycloak:keycloak-parent
11
org.eclipse.jetty:jetty-server
11
bootstrap
10
openmage/magento-lts
10
github.com/openbao/openbao
10
org.apache.nifi:nifi
10
github.com/greenpau/caddy-security
10
horizon
10
PaddlePaddle
10
pimcore/admin-ui-classic-bundle
10
zendframework/zendframework
10
fat_free_crm
10
github.com/filebrowser/filebrowser/v2
10
org.apache.activemq:activemq-client
10
Filter by Repository
https://github.com/tensorflow/tensorflow
200
https://github.com/moodle/moodle
192
https://github.com/liferay/liferay-portal
143
https://github.com/jenkinsci/jenkins
109
https://github.com/pimcore/pimcore
85
https://github.com/TYPO3/typo3
63
https://github.com/microweber/microweber
63
https://github.com/apache/tomcat
60
https://github.com/xwiki/xwiki-platform
50
https://github.com/usememos/memos
50
https://github.com/django/django
50
https://github.com/silverstripe/silverstripe-framework
50
https://github.com/rails/rails
46
https://github.com/keycloak/keycloak
45
https://github.com/thorsten/phpmyfaq
45
https://github.com/apache/airflow
44
https://github.com/librenms/librenms
42
https://github.com/kubernetes/kubernetes
40
https://github.com/mattermost/mattermost
36
https://github.com/mantisbt/mantisbt
35
https://github.com/mmaitre314/picklescan
34
https://github.com/star7th/showdoc
32
https://github.com/concretecms/concretecms
28
https://github.com/mautic/mautic
27
https://github.com/symfony/symfony
27
https://github.com/grafana/grafana
27
https://github.com/ansible/ansible
26
https://github.com/phpmyadmin/phpmyadmin
26
https://github.com/craftcms/cms
26
https://github.com/spring-projects/spring-framework
26
https://github.com/argoproj/argo-cd
24
https://github.com/directus/directus
24
https://github.com/shopware/shopware
24
https://github.com/umbraco/Umbraco-CMS
23
https://github.com/Dolibarr/dolibarr
22
https://github.com/answerdev/answer
21
https://github.com/firefly-iii/firefly-iii
20
https://github.com/plone/Products.CMFPlone
20
https://github.com/magento/magento2
20
https://github.com/apache/activemq
20
https://github.com/snipe/snipe-it
20
https://github.com/cilium/cilium
19
https://github.com/livehelperchat/livehelperchat
18
https://github.com/openstack/nova
18
https://github.com/contao/contao
18
https://github.com/apache/struts
17
https://github.com/gradio-app/gradio
16
https://github.com/shopware/platform
16
https://github.com/ikus060/rdiffweb
16
https://github.com/matrix-org/synapse
16
https://github.com/vyperlang/vyper
15
https://github.com/netty/netty
15
https://github.com/CVEProject/cvelist
15
https://github.com/apache/cxf
15
https://github.com/getkirby/kirby
15
https://github.com/yetiforcecompany/yetiforcecrm
14
https://github.com/moby/moby
14
https://github.com/TYPO3/TYPO3.CMS
14
https://github.com/saltstack/salt
14
https://github.com/geoserver/geoserver
14
https://github.com/PaddlePaddle/Paddle
14
https://github.com/froxlor/froxlor
14
https://github.com/baserproject/basercms
14
https://github.com/tinymce/tinymce
14
https://github.com/OpenNMS/opennms
14
https://github.com/x-stream/xstream
14
https://github.com/goharbor/harbor
13
https://github.com/octobercms/october
13
https://github.com/strapi/strapi
13
https://github.com/PrestaShop/PrestaShop
13
https://github.com/apache/nifi
13
https://github.com/nilsteampassnet/TeamPass
13
https://github.com/rack/rack
13
https://github.com/go-gitea/gitea
13
https://github.com/containerd/containerd
13
https://github.com/openfga/openfga
13
https://github.com/bcgit/bc-java
13
https://github.com/traefik/traefik
12
https://github.com/TYPO3-CMS/core
12
https://github.com/helm/helm
12
https://github.com/huggingface/transformers
12
https://github.com/openstack/keystone
12
https://github.com/hashicorp/consul
12
https://github.com/OpenZeppelin/openzeppelin-contracts
12
https://github.com/intelliants/subrion
11
https://github.com/laravel/framework
11
https://github.com/electron/electron
11
https://github.com/ethereum/go-ethereum
11
https://github.com/surrealdb/surrealdb
11
https://github.com/rancher/rancher
11
https://github.com/dnnsoftware/Dnn.Platform
11
https://github.com/apache/zeppelin
11
https://github.com/github/advisory-database
11
https://github.com/vitejs/vite
11
https://github.com/ckeditor/ckeditor4
11
https://github.com/vaadin/platform
11
https://github.com/forkcms/forkcms
11
https://github.com/simplesamlphp/simplesamlphp
10
https://github.com/wallabag/wallabag
10
https://github.com/backstage/backstage
10
https://github.com/decidim/decidim
10
https://github.com/liufee/cms
10
https://github.com/PHPOffice/PhpSpreadsheet
10
https://github.com/aio-libs/aiohttp
10
https://github.com/bytecodealliance/wasmtime
10
https://github.com/laurent22/joplin
10
https://github.com/vllm-project/vllm
10
https://github.com/greenpau/caddy-security
10
https://github.com/vercel/next.js
10
https://github.com/TryGhost/Ghost
10
https://github.com/OctoPrint/OctoPrint
9
https://github.com/opencast/opencast
9
https://github.com/urllib3/urllib3
9
https://github.com/alkacon/opencms-core
9
https://github.com/dpgaspar/Flask-AppBuilder
9
https://github.com/dotnet/runtime
9
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/pimcore/admin-ui-classic-bundle
9
https://github.com/jenkinsci/git-plugin
9
https://github.com/puppetlabs/puppet
9
https://github.com/thorsten/phpMyFAQ
9
https://github.com/jquery/jquery
9
https://github.com/publify/publify
9
https://github.com/rails/rails-html-sanitizer
8
https://github.com/apache/superset
8
https://github.com/hashicorp/nomad
8
https://github.com/opensearch-project/security
8
https://github.com/gogs/gogs
8
https://github.com/sparklemotion/nokogiri
8
https://github.com/sulu/sulu
8
https://github.com/nilsteampassnet/teampass
8
https://github.com/LavaLite/cms
8
https://github.com/openbao/openbao
8
https://github.com/pandao/editor.md
8
https://github.com/swagger-api/swagger-ui
8
https://github.com/dolibarr/dolibarr
8
https://github.com/FlowiseAI/Flowise
8
https://github.com/getgrav/grav
8
https://github.com/ckan/ckan
8
https://github.com/parse-community/parse-server
8
https://github.com/onionshare/onionshare
8
https://github.com/openstack/glance
8
https://github.com/rubygems/rubygems
8
https://github.com/eclipse/jetty.project
8
https://github.com/kubeedge/kubeedge
8
https://github.com/pyload/pyload
8
https://github.com/modoboa/modoboa
8
https://github.com/zendframework/zendframework
8
https://github.com/jeecgboot/jeecg-boot
7
https://github.com/openstack/horizon
7
https://github.com/vaadin/flow
7
https://github.com/StarCitizenTools/mediawiki-skins-Citizen
7
https://github.com/treeverse/lakeFS
7
https://github.com/zitadel/zitadel
7
https://github.com/zenml-io/zenml
7
https://github.com/modxcms/revolution
7
https://github.com/kubevirt/kubevirt
7
https://github.com/vega/vega
7
https://github.com/OPCFoundation/UA-.NETStandard
7
https://github.com/Sylius/Sylius
7
https://github.com/janeczku/calibre-web
7
https://github.com/chakra-core/ChakraCore
7
https://github.com/twbs/bootstrap
7
https://github.com/opencv/opencv
7
https://github.com/croogo/croogo
7
https://github.com/kevinpapst/kimai2
7
https://github.com/undertow-io/undertow
7
https://github.com/matrix-org/matrix-rust-sdk
7
https://github.com/MobSF/Mobile-Security-Framework-MobSF
7
https://github.com/containers/podman
7
https://github.com/scrapy/scrapy
7
https://github.com/denoland/deno
7
https://github.com/igniterealtime/Openfire
7
https://github.com/py-pdf/pypdf
7
https://github.com/google/fscrypt
7
https://github.com/hashicorp/vault
7
https://github.com/bagisto/bagisto
7
https://github.com/dragonflyoss/dragonfly
7
https://github.com/nocodb/nocodb
7
https://github.com/python-pillow/Pillow
7
https://github.com/jupyter/notebook
7
https://github.com/opencontainers/runc
7
https://github.com/nahsra/antisamy
7
https://github.com/Leantime/leantime
7
https://github.com/louislam/uptime-kuma
7
https://github.com/n8n-io/n8n
7
https://github.com/jenkinsci/blueocean-plugin
7
https://github.com/elastic/elasticsearch
6
https://github.com/jenkinsci/script-security-plugin
6
https://github.com/jenkinsci/configuration-as-code-plugin
6
https://github.com/puma/puma
6
https://github.com/spatie/browsershot
6
https://github.com/twisted/twisted
6
https://github.com/matrix-org/matrix-js-sdk
6
https://github.com/withastro/astro
6
https://github.com/panva/jose
6
https://github.com/tecnickcom/TCPDF
6
https://github.com/yiisoft/yii2
6
https://github.com/jenkinsci/fortify-on-demand-uploader-plugin
6