Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
High
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 25 days ago
lobe-chat: GSA_kwCzR0hTQS0yeGNjLXZtM2YtbThyd84ABByj
@lobehub/chat Server Side Request Forgery vulnerability
Low
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: 26 days ago
kit: GSA_kwCzR0hTQS1yamp2LTg3bXgtNngzaM4ABBvG
@sveltejs/kit vulnerable to on dev mode 404 page
Low
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: 26 days ago
kit: GSA_kwCzR0hTQS1taDJ4LWZjcWgtZm1xds4ABBvF
@sveltejs/kit has unescaped error message included on error page
High
Ecosystems: pypi
Packages: starlite, litestar
Source: github
Published: about 1 month ago
litestar: GSA_kwCzR0hTQS1namNjLWp2Z3ctd3Z3as4ABBmv
Litestar allows unbounded resource consumption (DoS vulnerability)
Moderate
Ecosystems: go
Packages: github.com/cert-manager/cert-manager
Source: github
Published: about 1 month ago
cert-manager: GSA_kwCzR0hTQS1yNHBnLXZnNTQtd3h4NM4ABBmY
cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs
Critical
Ecosystems: pypi
Packages: cobbler
Source: github
Published: about 1 month ago
cobbler: GSA_kwCzR0hTQS1tMjZjLWZjZ2gtY3A2aM4ABBeO
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS04Zmg0LTk0MnItamYyZ84ABBab
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Low
Ecosystems: npm
Packages: @eslint/plugin-kit
Source: github
Published: about 1 month ago
rewrite: GSA_kwCzR0hTQS03cTdnLTR4bTgtODljcc4ABBaa
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Critical
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS14NjQ1LTZwZjkteHd4d84ABBZK
LibreNMS has an Authenticated OS Command Injection
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1ndjRtLWY2ZngtODU5eM4ABBZJ
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS0yOHA3LWY2aDYtM2poM84ABBZI
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1wNjZxLXBwd3ItcTVqOM4ABBZH
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS03NjYzLTM3cmctYzM3N84ABBZG
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS00bTVyLXcycnEtcTU0cc4ABBZF
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1xcjhmLTVxcWctajN3Z84ABBZE
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS12N3c5LTYzeGgtNnIzd84ABBZD
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS14aDRnLWM5cDYtNWp4Z84ABBY1
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1ybXI0LXg2YzktamM2OM4ABBY0
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS04ODhqLXBqcWgtZng1OM4ABBYz
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1jODZxLXJqMzctOGY4Nc4ABBYy
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 1 month ago
librenms: GSA_kwCzR0hTQS1nZndyLXhxbWotajI3ds4ABBYx
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
Moderate
Ecosystems: packagist
Packages: wallabag/wallabag
Source: github
Published: about 1 month ago
wallabag: GSA_kwCzR0hTQS05OXc4LWM1ZjYtOTZwcM4ABBYh
CSRF leading to delete account in wallabag/wallabag
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: about 1 month ago
memos: GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Stored XSS using two files in usememos/memos
Moderate
Ecosystems: rubygems
Packages: decidim-meetings
Source: github
Published: about 1 month ago
decidim: GSA_kwCzR0hTQS1qNGg2LWdjajctN3Y5ds4ABBTI
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Moderate
Ecosystems: packagist
Packages: orchid/platform
Source: github
Published: about 1 month ago
platform: GSA_kwCzR0hTQS1jbTQ2LWdxZjQtbXY0Zs4ABBP3
Orchid Platform has Method Exposure Vulnerability in Modals
Critical
Ecosystems: go
Packages: github.com/j3ssie/osmedeus
Source: github
Published: about 2 months ago
osmedeus: GSA_kwCzR0hTQS13dnY3LXdtNXYtdzJnds4ABA-U
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
Ecosystems: nuget
Packages: Refit
Source: github
Published: about 2 months ago
refit: GSA_kwCzR0hTQS0zaHhnLWZ4d20tOGdmN84ABA9E
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Moderate
Ecosystems: hex
Packages: ash_postgres
Source: github
Published: about 2 months ago
ash_postgres: GSA_kwCzR0hTQS1oZjU5LTdyd3EtNzg1bc4ABAmD
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Critical
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: github
Published: 2 months ago
vendure: GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Moderate
Ecosystems: npm
Packages: markdown-to-jsx
Source: github
Published: 2 months ago
markdown-to-jsx: GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Moderate
Ecosystems: npm
Packages: astro
Source: github
Published: 2 months ago
astro: GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
Ecosystems: go
Packages: github.com/kubesphere/kubesphere
Source: github
Published: 2 months ago
kubesphere: GSA_kwCzR0hTQS1wMjZyLWdmZ2MtYzQ3aM4ABAQI
KubeSphere IDOR vulnerability
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
High
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: 3 months ago
parse-server: GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privileges
High
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Low
Ecosystems: npm
Packages: express
Source: github
Published: 3 months ago
express: GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
High
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Moderate
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago
saltcorn: GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Low
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS1mYzM4LTIyNTQtNDhnN84AA_51
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Low
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 3 months ago
librenms: GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
High
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control page
Moderate
Ecosystems: npm
Packages: layui
Source: github
Published: 3 months ago
layui: GSA_kwCzR0hTQS1qODI3LTZyZ2YtOTYyOc4AA_zC
Layui has DOM Clobbering gadgets that lead to Cross-site Scripting
Moderate
Ecosystems: go
Packages: github.com/ory/kratos
Source: github
Published: 3 months ago
kratos: GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Moderate
Ecosystems: pypi
Packages: strawberry-graphql
Source: github
Published: 3 months ago
strawberry: GSA_kwCzR0hTQS03OWdwLXE0d3YtMzNmcs4AA_xi
Cross-Site Request Forgery (CSRF) in strawberry-graphql
High
Ecosystems: npm
Packages: rollup
Source: github
Published: 3 months ago
rollup: GSA_kwCzR0hTQS1nY3g0LW13NjItZzh3bc4AA_u0
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 3 months ago
lobe-chat: GSA_kwCzR0hTQS0zZmM4LTJyM2YtOHdyZ84AA_um
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Moderate
Ecosystems: npm
Packages: @rspack/core
Source: github
Published: 3 months ago
rspack: GSA_kwCzR0hTQS04NGp3LWc0M3YtOGdqbc4AA_sX
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS01aGM1LWZ4cjktNWZyY84AA_rw
Mautic has insufficient authentication in upgrade flow
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS04dmZmLTM1cW0tcWp2ds4AA_rk
Mautic allows users enumeration due to weak password login
Moderate
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS1xZjZtLTZtNGctcm1yY84AA_rj
Mautic has insufficient authentication in upgrade flow
Moderate
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS14cGM1LXJyMzktdjh2Ms4AA_ri
Mautic has an XSS in contact tracking and page hits report
Moderate
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS03M2dyLTMyd2ctcWhoN84AA_rh
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS14djY4LXJybXctOXh3Zs4AA_rg
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
High
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: github
Published: 3 months ago
mautic: GSA_kwCzR0hTQS14M2p4LTV3Nm0tcTJmY84AA_rI
Mautic vulnerable to Improper Access Control in UI upgrade process
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: 3 months ago
vite: GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: 3 months ago
vite: GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate
Ecosystems: pypi
Packages: vllm
Source: github
Published: 3 months ago
vllm: GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw
vLLM Denial of Service via the best_of parameter
High
Ecosystems: pypi
Packages: vllm
Source: github
Published: 3 months ago
vllm: GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0
vLLM denial of service vulnerability
Moderate
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 3 months ago
decidim: GSA_kwCzR0hTQS1yeDlmLTVnZ3YtNXJoNs4AA_kA
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Low
Ecosystems: npm
Packages: express
Source: github
Published: 3 months ago
express: GSA_kwCzR0hTQS1xdzZoLXZnaDktajZ3eM4AA_cW
express vulnerable to XSS via response.redirect()
High
Ecosystems: go
Packages: github.com/external-secrets/external-secrets
Source: github
Published: 3 months ago
external-secrets: GSA_kwCzR0hTQS1xd2djLXJyMzUtaDR4Oc4AA_YS
External Secrets Operator vulnerable to privilege escalation
High
Ecosystems: cargo
Packages: quinn-proto
Source: github
Published: 4 months ago
quinn: GSA_kwCzR0hTQS12cjI2LWpjcTUtZmpqOM4AA_QI
Denial of service in quinn-proto when using `Endpoint::retry()`
Moderate
Ecosystems: npm
Packages: svelte
Source: github
Published: 4 months ago
svelte: GSA_kwCzR0hTQS04MjY2LTg0d3Atd3Y1Y84AA_Dj
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate
Ecosystems: nuget
Packages: RestSharp
Source: github
Published: 4 months ago
RestSharp: GSA_kwCzR0hTQS00cnI2LTJ2OXYtd2NwY84AA_CY
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Moderate
Ecosystems: npm
Packages: webpack
Source: github
Published: 4 months ago
webpack: GSA_kwCzR0hTQS00dnZqLTRjcHItcDk4Ns4AA--k
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 4 months ago
memos: GSA_kwCzR0hTQS1wNGZ4LXFmMmgtanBtas4AA-4e
memos CORS Misconfiguration in server.go (GHSL-2024-034)
Moderate
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 4 months ago
casdoor: GSA_kwCzR0hTQS1ndjJwLTRtdmctZzMyaM4AA-4d
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
High
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 4 months ago
casdoor: GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c
Casdoor CORS misconfiguration (GHSL-2024-035)
Moderate
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: github
Published: 4 months ago
Ghost: GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actions
Moderate
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: github
Published: 4 months ago
apollo: GSA_kwCzR0hTQS1jNmMzLWg0ZjctMzk2Ms4AA-0A
apollo-portal has potential unauthorized access issue
High
Ecosystems: maven
Packages: io.github.microcks:microcks-app
Source: github
Published: 4 months ago
microcks: GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Critical
Ecosystems: go
Packages: github.com/stashapp/stash
Source: github
Published: 4 months ago
stash: GSA_kwCzR0hTQS03NWpmLTUyamctcXFoNM4AA-se
SQL injection in github.com/stashapp/stash
High
Ecosystems: cargo
Packages: boa_engine
Source: github
Published: 4 months ago
boa: GSA_kwCzR0hTQS1mNjdxLXdyNnctMjNqcc4AA-q9
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
High
Ecosystems: npm
Packages: axios
Source: github
Published: 4 months ago
axios: GSA_kwCzR0hTQS04aGM0LXZoNjQtY3htas4AA-hD
Server-Side Request Forgery in axios
High
Ecosystems: pypi
Packages: litestar
Source: github
Published: 4 months ago
litestar: GSA_kwCzR0hTQS00aHEyLXJwZ2MtcjhyN84AA-gk
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Moderate
Ecosystems: go
Packages: github.com/appleboy/gorush
Source: github
Published: 5 months ago
gorush: GSA_kwCzR0hTQS1wM3BmLW1mZjgtM2g0N84AA-bg
Gorush uses deprecated TLS versions
Moderate
Ecosystems: npm
Packages: @builder.io/qwik
Source: github
Published: 5 months ago
qwik: GSA_kwCzR0hTQS0ycndqLTd4cTgtNGd4NM4AA-a5
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 5 months ago
microweber: GSA_kwCzR0hTQS1tOTl2LW1tZzItNjZ2Zs4AA-aj
Microweber Reflected Cross-site scripting (XSS) vulnerability
Critical
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: 5 months ago
gitea: GSA_kwCzR0hTQS00aDRwLTU1M20tNDZxaM4AA-Zk
Gitea Cross-site Scripting Vulnerability
Moderate
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 5 months ago
owncast: GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 5 months ago
memos: GSA_kwCzR0hTQS05Y3FtLW1ndjktdnY5as4AA-Yt
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 5 months ago
memos: GSA_kwCzR0hTQS02ZmNmLWczbXAteGoyeM4AA-Yq
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: 5 months ago
memos: GSA_kwCzR0hTQS02NWZtLTJqZ3Itajdxcc4AA-Yu
memos vulnerable to Server-Side Request Forgery in /api/resource
High
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: 5 months ago
owncast: GSA_kwCzR0hTQS12OTl3LXI1NmgtZzIzds4AA-Yr
Owncast Cross-Site Request Forgery vulnerability