Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
High
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: github
Published: about 1 month ago
wn-dusk-plugin: GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
Ecosystems: packagist
Packages: timber/timber
Source: github
Published: about 1 month ago
timber: GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: about 1 month ago
mautic: GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Low
Ecosystems: npm
Packages: undici
Source: github
Published: about 1 month ago
undici: GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
Low
Ecosystems: npm
Packages: undici
Source: github
Published: about 1 month ago
undici: GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: about 1 month ago
vite: GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1
Vite's `server.fs.deny` did not deny requests for patterns with directories.
High
Ecosystems: npm
Packages: @electron/packager
Source: github
Published: about 2 months ago
packager: GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executable
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: about 2 months ago
KaTeX: GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: about 2 months ago
KaTeX: GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filename
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: about 2 months ago
KaTeX: GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: about 2 months ago
KaTeX: GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY
KaTeX's maxExpand bypassed by `\edef`
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 2 months ago
grav: GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 2 months ago
grav: GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 2 months ago
grav: GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 2 months ago
grav: GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 2 months ago
grav: GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
File Upload Path Traversal
High
Ecosystems: npm
Packages: webpack-dev-middleware
Source: github
Published: about 2 months ago
webpack-dev-middleware: GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc
Path traversal in webpack-dev-middleware
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 months ago
parse-server: GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
High
Ecosystems: pypi
Packages: astropy
Source: github
Published: about 2 months ago
astropy: GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TransformGraph().to_dot_graph function
Moderate
Ecosystems: npm
Packages: rsshub
Source: github
Published: 2 months ago
RSSHub: GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request Forgery
Moderate
Ecosystems: npm
Packages: rsshub
Source: github
Published: 2 months ago
RSSHub: GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Critical
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 2 months ago
grav: GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
High
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 2 months ago
ImageSharp: GSA_kwCzR0hTQS02NXg3LWMyNzItN2c3cs4AA5xd
Use After Free in SixLabors.ImageSharp
High
Ecosystems: cargo
Packages: mio
Source: github
Published: 2 months ago
mio: GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 2 months ago
phpseclib: GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 2 months ago
phpseclib: GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 2 months ago
parse-server: GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Moderate
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: 2 months ago
bagisto: GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagisto Cross-site Scripting vulnerability
Moderate
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: github
Published: 2 months ago
livehelperchat: GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Moderate
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: 3 months ago
magento-lts: GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: 3 months ago
subrion: GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Subrion CMS vulnerable to SQL Injection
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: github
Published: 3 months ago
fiber: GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Moderate
Ecosystems: rubygems
Packages: decidim-templates
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Low
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 3 months ago
undici: GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Moderate
Ecosystems: npm
Packages: undici
Source: github
Published: 3 months ago
undici: GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undici
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 3 months ago
caddy-security: GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Critical
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: github
Published: 3 months ago
pixelfed: GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: 3 months ago
Ghost: GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Moderate
Ecosystems: pypi
Packages: nonebot2
Source: github
Published: 3 months ago
nonebot2: GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
High
Ecosystems: npm
Packages: yarn
Source: github
Published: 3 months ago
yarn: GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
High
Ecosystems: cargo
Packages: libpulse-binding
Source: github
Published: 3 months ago
pulse-binding-rust: GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 3 months ago
lobe-chat: GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to plugins
Moderate
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: github
Published: 3 months ago
goreleaser: GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
High
Ecosystems: npm
Packages: @urql/next
Source: github
Published: 3 months ago
urql: GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483
@urql/next Cross-site Scripting vulnerability
High
Ecosystems: cargo
Packages: lemmy_server
Source: github
Published: 4 months ago
lemmy: GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
High
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: github
Published: 4 months ago
kit: GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: 4 months ago
Ghost: GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in Ghost
High
Ecosystems: npm
Packages: vite
Source: github
Published: 4 months ago
vite: GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Moderate
Ecosystems: cargo
Packages: tracing
Source: github
Published: 4 months ago
tracing: GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Moderate
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: 4 months ago
bagisto: GSA_kwCzR0hTQS1jOTYyLWc1MzMtODIzZs4AA4gW
Cross-site Scripting in Bagisto
High
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: 4 months ago
evershop: GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
High
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: 4 months ago
evershop: GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
Low
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: github
Published: 4 months ago
framework: GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
High
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: github
Published: 4 months ago
verify-changed-files: GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
High
Ecosystems: actions
Packages: tj-actions/changed-files
Source: github
Published: 4 months ago
changed-files: GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)