Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Moderate
saltcorn: GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 7 days ago
High
saltcorn: GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 7 days ago
High
parse-server: GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows acquiring role privileges
Ecosystems: npm
Packages: parse-server
Source: github
Published: 9 days ago
High
saltcorn: GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: github
Published: 10 days ago
Low
express: GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
Ecosystems: npm
Packages: express
Source: github
Published: 10 days ago
High
saltcorn: GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
Moderate
saltcorn: GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
Moderate
saltcorn: GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 10 days ago
Low
librenms: GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
Moderate
librenms: GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
High
librenms: GSA_kwCzR0hTQS1mYzM4LTIyNTQtNDhnN84AA_51
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
Moderate
librenms: GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
Low
librenms: GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
Moderate
librenms: GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 12 days ago
High
decidim: GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control page
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 12 days ago
Moderate
layui: GSA_kwCzR0hTQS1qODI3LTZyZ2YtOTYyOc4AA_zC
Layui has DOM Clobbering gadgets that lead to Cross-site Scripting
Ecosystems: npm
Packages: layui
Source: github
Published: 17 days ago
Moderate
kratos: GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Ecosystems: go
Packages: github.com/ory/kratos
Source: github
Published: 17 days ago
Moderate
strawberry: GSA_kwCzR0hTQS03OWdwLXE0d3YtMzNmcs4AA_xi
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Ecosystems: pypi
Packages: strawberry-graphql
Source: github
Published: 18 days ago
High
rollup: GSA_kwCzR0hTQS1nY3g0LW13NjItZzh3bc4AA_u0
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Ecosystems: npm
Packages: rollup
Source: github
Published: 20 days ago
Moderate
lobe-chat: GSA_kwCzR0hTQS0zZmM4LTJyM2YtOHdyZ84AA_um
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 20 days ago
Moderate
rspack: GSA_kwCzR0hTQS04NGp3LWc0M3YtOGdqbc4AA_sX
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
Ecosystems: npm
Packages: @rspack/core
Source: github
Published: 24 days ago
High
mautic: GSA_kwCzR0hTQS01aGM1LWZ4cjktNWZyY84AA_rw
Mautic has insufficient authentication in upgrade flow
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 25 days ago
Moderate
mautic: GSA_kwCzR0hTQS04dmZmLTM1cW0tcWp2ds4AA_rk
Mautic allows user enumeration due to weak password login
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 25 days ago
High
mautic: GSA_kwCzR0hTQS1xZjZtLTZtNGctcm1yY84AA_rj
Mautic has insufficient authentication in upgrade flow
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
Moderate
mautic: GSA_kwCzR0hTQS14cGM1LXJyMzktdjh2Ms4AA_ri
Mautic has an XSS in contact tracking and page hits report
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 25 days ago
Moderate
mautic: GSA_kwCzR0hTQS03M2dyLTMyd2ctcWhoN84AA_rh
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
Moderate
mautic: GSA_kwCzR0hTQS14djY4LXJybXctOXh3Zs4AA_rg
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 25 days ago
High
mautic: GSA_kwCzR0hTQS14M2p4LTV3Nm0tcTJmY84AA_rI
Mautic vulnerable to Improper Access Control in UI upgrade process
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 25 days ago
Moderate
vite: GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Ecosystems: npm
Packages: vite
Source: github
Published: 26 days ago
Moderate
vite: GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Ecosystems: npm
Packages: vite
Source: github
Published: 26 days ago
Moderate
vllm: GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw
vLLM Denial of Service via the best_of parameter
Ecosystems: pypi
Packages: vllm
Source: github
Published: 26 days ago
High
vllm: GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0
vLLM denial of service vulnerability
Ecosystems: pypi
Packages: vllm
Source: github
Published: 26 days ago
Moderate
decidim: GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 27 days ago
Moderate
decidim: GSA_kwCzR0hTQS1yeDlmLTVnZ3YtNXJoNs4AA_kA
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 27 days ago
Moderate
express: GSA_kwCzR0hTQS1xdzZoLXZnaDktajZ3eM4AA_cW
express vulnerable to XSS via response.redirect()
Ecosystems: npm
Packages: express
Source: github
Published: about 1 month ago
High
external-secrets: GSA_kwCzR0hTQS1xd2djLXJyMzUtaDR4Oc4AA_YS
External Secrets Operator vulnerable to privilege escalation
Ecosystems: go
Packages: github.com/external-secrets/external-secrets
Source: github
Published: about 1 month ago
High
quinn: GSA_kwCzR0hTQS12cjI2LWpjcTUtZmpqOM4AA_QI
Denial of service in quinn-proto when using `Endpoint::retry()`
Ecosystems: cargo
Packages: quinn-proto
Source: github
Published: about 1 month ago
Moderate
svelte: GSA_kwCzR0hTQS04MjY2LTg0d3Atd3Y1Y84AA_Dj
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Ecosystems: npm
Packages: svelte
Source: github
Published: about 1 month ago
Moderate
RestSharp: GSA_kwCzR0hTQS00cnI2LTJ2OXYtd2NwY84AA_CY
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Ecosystems: nuget
Packages: RestSharp
Source: github
Published: about 2 months ago
Moderate
webpack: GSA_kwCzR0hTQS00dnZqLTRjcHItcDk4Ns4AA--k
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Ecosystems: npm
Packages: webpack
Source: github
Published: about 2 months ago
High
memos: GSA_kwCzR0hTQS1wNGZ4LXFmMmgtanBtas4AA-4e
memos CORS Misconfiguration in server.go (GHSL-2024-034)
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: about 2 months ago
Moderate
casdoor: GSA_kwCzR0hTQS1ndjJwLTRtdmctZzMyaM4AA-4d
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 months ago
High
casdoor: GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c
Casdoor CORS misconfiguration (GHSL-2024-035)
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 months ago
Moderate
Ghost: GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actions
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: github
Published: about 2 months ago
Moderate
apollo: GSA_kwCzR0hTQS1jNmMzLWg0ZjctMzk2Ms4AA-0A
apollo-portal has potential unauthorized access issue
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: github
Published: about 2 months ago
Moderate
microcks: GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Ecosystems: maven
Packages: io.github.microcks:microcks-app
Source: github
Published: about 2 months ago
Critical
stash: GSA_kwCzR0hTQS03NWpmLTUyamctcXFoNM4AA-se
SQL injection in github.com/stashapp/stash
Ecosystems: go
Packages: github.com/stashapp/stash
Source: github
Published: about 2 months ago
High
boa: GSA_kwCzR0hTQS1mNjdxLXdyNnctMjNqcc4AA-q9
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Ecosystems: cargo
Packages: boa_engine
Source: github
Published: 2 months ago
High
axios: GSA_kwCzR0hTQS04aGM0LXZoNjQtY3htas4AA-hD
Server-Side Request Forgery in axios
Ecosystems: npm
Packages: axios
Source: github
Published: 2 months ago
High
litestar: GSA_kwCzR0hTQS00aHEyLXJwZ2MtcjhyN84AA-gk
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Ecosystems: pypi
Packages: litestar
Source: github
Published: 2 months ago
Moderate
gorush: GSA_kwCzR0hTQS1wM3BmLW1mZjgtM2g0N84AA-bg
Gorush uses deprecated TLS versions
Ecosystems: go
Packages: github.com/appleboy/gorush
Source: github
Published: 2 months ago
Moderate
qwik: GSA_kwCzR0hTQS0ycndqLTd4cTgtNGd4NM4AA-a5
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Ecosystems: npm
Packages: @builder.io/qwik
Source: github
Published: 2 months ago
Moderate
microweber: GSA_kwCzR0hTQS1tOTl2LW1tZzItNjZ2Zs4AA-aj
Microweber Reflected Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
Critical
gitea: GSA_kwCzR0hTQS00aDRwLTU1M20tNDZxaM4AA-Zk
Gitea Cross-site Scripting Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: 2 months ago
Low
owncast: GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 2 months ago
Moderate
memos: GSA_kwCzR0hTQS05Y3FtLW1ndjktdnY5as4AA-Yt
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
Moderate
memos: GSA_kwCzR0hTQS02NWZtLTJqZ3Itajdxcc4AA-Yu
memos vulnerable to Server-Side Request Forgery in /api/resource
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
Moderate
memos: GSA_kwCzR0hTQS02ZmNmLWczbXAteGoyeM4AA-Yq
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 2 months ago
High
owncast: GSA_kwCzR0hTQS12OTl3LXI1NmgtZzIzds4AA-Yr
Owncast Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 2 months ago
Moderate
cas: GSA_kwCzR0hTQS1wNzhoLW04cHYtZzlnbc4AA-Yj
Apereo CAS vulnerable to credential leaks for LDAP authentication
Ecosystems: maven
Packages: org.apereo.cas:cas-server-support-x509-core
Source: github
Published: 2 months ago
Moderate
editor.js: GSA_kwCzR0hTQS02bXZqLTI1NjktM21jbc4AA-Yi
Editor.js vulnerable to Code Injection
Ecosystems: npm
Packages: @editorjs/editorjs
Source: github
Published: 2 months ago
High
nuxt: GSA_kwCzR0hTQS12Nzg0LWZqamgtZjhyNM4AA-Ye
Nuxt vulnerable to remote code execution via the browser when running the test locally
Ecosystems: npm
Packages: nuxt
Source: github
Published: 2 months ago
Moderate
nuxt: GSA_kwCzR0hTQS12ZjZyLTg3cTQtMnZqZs4AA-Yd
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Ecosystems: npm
Packages: nuxt
Source: github
Published: 2 months ago
High
nuxt: GSA_kwCzR0hTQS1yY3ZnLXJnZjctcHBwds4AA-Yc
Nuxt Devtools has a Path Traversal: '../filedir'
Ecosystems: npm
Packages: @nuxt/devtools
Source: github
Published: 2 months ago
Moderate
microweber: GSA_kwCzR0hTQS1oNHhmLXd4OTktam12NM4AA-Yb
Microweber Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
Moderate
microweber: GSA_kwCzR0hTQS1oZjY2LXhmZ2otNDJnOM4AA-YZ
Microweber Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 2 months ago
Moderate
casdoor: GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 2 months ago
High
filestash: GSA_kwCzR0hTQS1tcHZ4LXdocHAtOTl4as4AA-TO
Filestash skips TLS certificate verification process when sending out email verification codes
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 2 months ago
High
filestash: GSA_kwCzR0hTQS00am1tLWM2anctZzc5Ns4AA-TP
Filestash configured to skip TLS certificate verification when using the FTPS protocol
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 2 months ago
Critical
prest: GSA_kwCzR0hTQS13bTI1LWo0Z3ctNnZyM84AA-Q9
pREST vulnerable to JWT bypass + SQL injection
Ecosystems: go
Packages: github.com/prest/prest
Source: github
Published: 3 months ago
High
graphql-java: GSA_kwCzR0hTQS1oOW1xLWY2cTUtNmM4bc4AA-Pa
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
Ecosystems: maven
Packages: com.graphql-java:graphql-java
Source: github
Published: 3 months ago
High
fast-xml-parser: GSA_kwCzR0hTQS1tcGc0LXJjOTItdng4ds4AA-Mb
fast-xml-parser vulnerable to ReDoS in currency parsing
Ecosystems: npm
Packages: fast-xml-parser
Source: github
Published: 3 months ago
Moderate
magento-lts: GSA_kwCzR0hTQS01dnJwLTYzOHctcDhtMs4AA-MY
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: 3 months ago
Critical
raspap-webgui: GSA_kwCzR0hTQS1xNjIzLTJqMmotMjNqas4AA-Kn
RaspAP allows an attacker to escalate privileges
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: github
Published: 3 months ago
High
starship: GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Ecosystems: cargo
Packages: starship
Source: github
Published: 3 months ago
Moderate
ImageSharp: GSA_kwCzR0hTQS1xeHJ2LWdwNngtcmMyM84AA-FP
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 3 months ago
High
ImageSharp: GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 3 months ago
Moderate
backdrop: GSA_kwCzR0hTQS0zd214LTQ4ZzMteDY2Z84AA-Ds
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: 3 months ago
High
woodpecker: GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allows overwriting the plugin entrypoint executable
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 3 months ago
High
woodpecker: GSA_kwCzR0hTQS0zd2YyLTJwcTQtNHJ2Y84AA-Ay
Woodpecker's custom environment variables allow altering the execution flow of plugins
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 3 months ago
Moderate
dbt-core: GSA_kwCzR0hTQS1wM2YzLTVjY2ctODN4cc4AA9-z
dbt has an implicit override for built-in materializations from installed packages
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: 3 months ago
Critical
torrentpier: GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: github
Published: 3 months ago
Moderate
wagtail: GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Ecosystems: pypi
Packages: wagtail
Source: github
Published: 3 months ago
Moderate
decidim: GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 3 months ago
High
decidim: GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
Moderate
decidim: GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
High
opus: GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Ecosystems: npm
Packages: @discordjs/opus
Source: github
Published: 3 months ago
Low
undici: GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: github
Published: 3 months ago
Moderate
rails_admin: GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Ecosystems: rubygems
Packages: rails_admin
Source: github
Published: 3 months ago
Moderate
weblate: GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Ecosystems: pypi
Packages: Weblate
Source: github
Published: 3 months ago
Critical
fiber: GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: github
Published: 3 months ago
Critical
parse-server: GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: github
Published: 3 months ago
High
phpseclib: GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 4 months ago
Low
october: GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: github
Published: 4 months ago
Low
october: GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: github
Published: 4 months ago
High
socket.io: GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Ecosystems: npm
Packages: socket.io
Source: github
Published: 4 months ago
Moderate
lobe-chat: GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 4 months ago
Moderate
urllib3: GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: github
Published: 4 months ago
High
strapi: GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: 4 months ago
Moderate
strapi: GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: github
Published: 4 months ago