Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 7 days ago
saltcorn: GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
High
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 7 days ago
saltcorn: GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: 9 days ago
parse-server: GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privileges
High
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: github
Published: 10 days ago
saltcorn: GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Low
Ecosystems: npm
Packages: express
Source: github
Published: 10 days ago
express: GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
High
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
saltcorn: GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
saltcorn: GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
saltcorn: GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Low
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS1mYzM4LTIyNTQtNDhnN84AA_51
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Low
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
librenms: GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
High
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 12 days ago
decidim: GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control page
Moderate
Ecosystems: npm
Packages: layui
Source: github
Published: 17 days ago
layui: GSA_kwCzR0hTQS1qODI3LTZyZ2YtOTYyOc4AA_zC
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Moderate
Ecosystems: go
Packages: github.com/ory/kratos
Source: github
Published: 17 days ago
kratos: GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
Ecosystems: pypi
Packages: strawberry-graphql
Source: github
Published: 18 days ago
strawberry: GSA_kwCzR0hTQS03OWdwLXE0d3YtMzNmcs4AA_xi
Cross-Site Request Forgery (CSRF) in strawberry-graphql
High
Ecosystems: npm
Packages: rollup
Source: github
Published: 20 days ago
rollup: GSA_kwCzR0hTQS1nY3g0LW13NjItZzh3bc4AA_u0
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 20 days ago
lobe-chat: GSA_kwCzR0hTQS0zZmM4LTJyM2YtOHdyZ84AA_um
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
Ecosystems: npm
Packages: @rspack/core
Source: github
Published: 24 days ago
rspack: GSA_kwCzR0hTQS04NGp3LWc0M3YtOGdqbc4AA_sX
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS01aGM1LWZ4cjktNWZyY84AA_rw
Mautic has insufficient authentication in upgrade flow
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS04dmZmLTM1cW0tcWp2ds4AA_rk
Mautic allows users enumeration due to weak password login
High
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS1xZjZtLTZtNGctcm1yY84AA_rj
Mautic has insufficient authentication in upgrade flow
Moderate
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS14cGM1LXJyMzktdjh2Ms4AA_ri
Mautic has an XSS in contact tracking and page hits report
Moderate
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS03M2dyLTMyd2ctcWhoN84AA_rh
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS14djY4LXJybXctOXh3Zs4AA_rg
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
High
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 25 days ago
mautic: GSA_kwCzR0hTQS14M2p4LTV3Nm0tcTJmY84AA_rI
Mautic vulnerable to Improper Access Control in UI upgrade process
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: 26 days ago
vite: GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: 26 days ago
vite: GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
Ecosystems: pypi
Packages: vllm
Source: github
Published: 26 days ago
vllm: GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw
vLLM Denial of Service via the best_of parameter
High
Ecosystems: pypi
Packages: vllm
Source: github
Published: 26 days ago
vllm: GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0
vLLM denial of service vulnerability
Moderate
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 27 days ago
decidim: GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 27 days ago
decidim: GSA_kwCzR0hTQS1yeDlmLTVnZ3YtNXJoNs4AA_kA
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate
Ecosystems: npm
Packages: express
Source: github
Published: about 1 month ago
express: GSA_kwCzR0hTQS1xdzZoLXZnaDktajZ3eM4AA_cW
express vulnerable to XSS via response.redirect()
High
Ecosystems: go
Packages: github.com/external-secrets/external-secrets
Source: github
Published: about 1 month ago
external-secrets: GSA_kwCzR0hTQS1xd2djLXJyMzUtaDR4Oc4AA_YS
External Secrets Operator vulnerable to privilege escalation
High
Ecosystems: cargo
Packages: quinn-proto
Source: github
Published: about 1 month ago
quinn: GSA_kwCzR0hTQS12cjI2LWpjcTUtZmpqOM4AA_QI
Denial of service in quinn-proto when using `Endpoint::retry()`
Moderate
Ecosystems: npm
Packages: svelte
Source: github
Published: about 1 month ago
svelte: GSA_kwCzR0hTQS04MjY2LTg0d3Atd3Y1Y84AA_Dj
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate
Ecosystems: nuget
Packages: RestSharp
Source: github
Published: about 2 months ago
RestSharp: GSA_kwCzR0hTQS00cnI2LTJ2OXYtd2NwY84AA_CY
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
Ecosystems: npm
Packages: webpack
Source: github
Published: about 2 months ago
webpack: GSA_kwCzR0hTQS00dnZqLTRjcHItcDk4Ns4AA--k
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: about 2 months ago
memos: GSA_kwCzR0hTQS1wNGZ4LXFmMmgtanBtas4AA-4e
memos CORS Misconfiguration in server.go (GHSL-2024-034)
Moderate
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 months ago
casdoor: GSA_kwCzR0hTQS1ndjJwLTRtdmctZzMyaM4AA-4d
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
High
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 months ago
casdoor: GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c
Casdoor CORS misconfiguration (GHSL-2024-035)
Moderate
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: github
Published: about 2 months ago
Ghost: GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actions
Moderate
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: github
Published: about 2 months ago
apollo: GSA_kwCzR0hTQS1jNmMzLWg0ZjctMzk2Ms4AA-0A
apollo-portal has potential unauthorized access issue
Moderate
Ecosystems: maven
Packages: io.github.microcks:microcks-app
Source: github
Published: about 2 months ago
microcks: GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Critical
Ecosystems: go
Packages: github.com/stashapp/stash
Source: github
Published: about 2 months ago
stash: GSA_kwCzR0hTQS03NWpmLTUyamctcXFoNM4AA-se
SQL injection in github.com/stashapp/stash
High
Ecosystems: cargo
Packages: boa_engine
Source: github
Published: 2 months ago
boa: GSA_kwCzR0hTQS1mNjdxLXdyNnctMjNqcc4AA-q9
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
High
Ecosystems: npm
Packages: axios
Source: github
Published: 2 months ago
axios: GSA_kwCzR0hTQS04aGM0LXZoNjQtY3htas4AA-hD
Server-Side Request Forgery in axios
High
Ecosystems: pypi
Packages: litestar
Source: github
Published: 2 months ago
litestar: GSA_kwCzR0hTQS00aHEyLXJwZ2MtcjhyN84AA-gk
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Moderate
Ecosystems: go
Packages: github.com/appleboy/gorush
Source: github
Published: 2 months ago
gorush: GSA_kwCzR0hTQS1wM3BmLW1mZjgtM2g0N84AA-bg
Gorush uses deprecated TLS versions
Moderate
Ecosystems: npm
Packages: @builder.io/qwik
Source: github
Published: 2 months ago
qwik: GSA_kwCzR0hTQS0ycndqLTd4cTgtNGd4NM4AA-a5
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
microweber: GSA_kwCzR0hTQS1tOTl2LW1tZzItNjZ2Zs4AA-aj
Microweber Reflected Cross-site scripting (XSS) vulnerability
Critical
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: 2 months ago
gitea: GSA_kwCzR0hTQS00aDRwLTU1M20tNDZxaM4AA-Zk
Gitea Cross-site Scripting Vulnerability
Low
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 2 months ago
owncast: GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
memos: GSA_kwCzR0hTQS05Y3FtLW1ndjktdnY5as4AA-Yt
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
memos: GSA_kwCzR0hTQS02NWZtLTJqZ3Itajdxcc4AA-Yu
memos vulnerable to Server-Side Request Forgery in /api/resource
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
memos: GSA_kwCzR0hTQS02ZmNmLWczbXAteGoyeM4AA-Yq
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
High
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 2 months ago
owncast: GSA_kwCzR0hTQS12OTl3LXI1NmgtZzIzds4AA-Yr
Owncast Cross-Site Request Forgery vulnerability
Moderate
Ecosystems: maven
Packages: org.apereo.cas:cas-server-support-x509-core
Source: github
Published: 2 months ago
cas: GSA_kwCzR0hTQS1wNzhoLW04cHYtZzlnbc4AA-Yj
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
Ecosystems: npm
Packages: @editorjs/editorjs
Source: github
Published: 2 months ago
editor.js: GSA_kwCzR0hTQS02bXZqLTI1NjktM21jbc4AA-Yi
Editor.js vulnerable to Code Injection
High
Ecosystems: npm
Packages: nuxt
Source: github
Published: 2 months ago
nuxt: GSA_kwCzR0hTQS12Nzg0LWZqamgtZjhyNM4AA-Ye
Nuxt vulnerable to remote code execution via the browser when running the test locally
Moderate
Ecosystems: npm
Packages: nuxt
Source: github
Published: 2 months ago
nuxt: GSA_kwCzR0hTQS12ZjZyLTg3cTQtMnZqZs4AA-Yd
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
High
Ecosystems: npm
Packages: @nuxt/devtools
Source: github
Published: 2 months ago
nuxt: GSA_kwCzR0hTQS1yY3ZnLXJnZjctcHBwds4AA-Yc
Nuxt Devtools has a Path Traversal: '../filedir'
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
microweber: GSA_kwCzR0hTQS1oNHhmLXd4OTktam12NM4AA-Yb
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
microweber: GSA_kwCzR0hTQS1oZjY2LXhmZ2otNDJnOM4AA-YZ
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 2 months ago
casdoor: GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
High
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 2 months ago
filestash: GSA_kwCzR0hTQS1tcHZ4LXdocHAtOTl4as4AA-TO
Filestash skips TLS certificate verification process when sending out email verification codes
High
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 2 months ago
filestash: GSA_kwCzR0hTQS00am1tLWM2anctZzc5Ns4AA-TP
Filestash configured to skip TLS certificate verification when using the FTPS protocol
Critical
Ecosystems: go
Packages: github.com/prest/prest
Source: github
Published: 3 months ago
prest: GSA_kwCzR0hTQS13bTI1LWo0Z3ctNnZyM84AA-Q9
pREST vulnerable to jwt bypass + sql injection
High
Ecosystems: maven
Packages: com.graphql-java:graphql-java
Source: github
Published: 3 months ago
graphql-java: GSA_kwCzR0hTQS1oOW1xLWY2cTUtNmM4bc4AA-Pa
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
Ecosystems: npm
Packages: fast-xml-parser
Source: github
Published: 3 months ago
fast-xml-parser: GSA_kwCzR0hTQS1tcGc0LXJjOTItdng4ds4AA-Mb
fast-xml-parser vulnerable to ReDOS at currency parsing
Moderate
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: 3 months ago
magento-lts: GSA_kwCzR0hTQS01dnJwLTYzOHctcDhtMs4AA-MY
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Critical
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: github
Published: 3 months ago
raspap-webgui: GSA_kwCzR0hTQS1xNjIzLTJqMmotMjNqas4AA-Kn
RaspAP allows an attacker to escalate privileges
High
Ecosystems: cargo
Packages: starship
Source: github
Published: 3 months ago
starship: GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Moderate
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 3 months ago
ImageSharp: GSA_kwCzR0hTQS1xeHJ2LWdwNngtcmMyM84AA-FP
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
High
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 3 months ago
ImageSharp: GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Moderate
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: 3 months ago
backdrop: GSA_kwCzR0hTQS0zd214LTQ4ZzMteDY2Z84AA-Ds
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
High
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 3 months ago
woodpecker: GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 3 months ago
woodpecker: GSA_kwCzR0hTQS0zd2YyLTJwcTQtNHJ2Y84AA-Ay
Woodpecker's custom environment variables allow to alter execution flow of plugins
Moderate
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: 3 months ago
dbt-core: GSA_kwCzR0hTQS1wM2YzLTVjY2ctODN4cc4AA9-z
dbt has an implicit override for built-in materializations from installed packages
Critical
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: github
Published: 3 months ago
torrentpier: GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
Moderate
Ecosystems: pypi
Packages: wagtail
Source: github
Published: 3 months ago
wagtail: GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
High
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Moderate
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
High
Ecosystems: npm
Packages: @discordjs/opus
Source: github
Published: 3 months ago
opus: GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 3 months ago
undici: GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Moderate
Ecosystems: rubygems
Packages: rails_admin
Source: github
Published: 3 months ago
rails_admin: GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
Ecosystems: pypi
Packages: Weblate
Source: github
Published: 3 months ago
weblate: GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: github
Published: 3 months ago
fiber: GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 3 months ago
parse-server: GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 4 months ago
phpseclib: GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Low
Ecosystems: packagist
Packages: october/system
Source: github
Published: 4 months ago
october: GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Low
Ecosystems: packagist
Packages: october/system
Source: github
Published: 4 months ago
october: GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
High
Ecosystems: npm
Packages: socket.io
Source: github
Published: 4 months ago
socket.io: GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 4 months ago
lobe-chat: GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Moderate
Ecosystems: pypi
Packages: urllib3
Source: github
Published: 4 months ago
urllib3: GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: 4 months ago
strapi: GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Moderate
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: github
Published: 4 months ago
strapi: GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling