Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
High
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: github
Published: over 3 years ago
raspap-webgui: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNnAtNHBjai01bXI5
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 3 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzMnctM2NxaC1mNmp4
Weak Password Recovery Mechanism for Forgotten Password
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
parse-server: GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameter
Low
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyaHctM3B2aC12Y3Zj
XSS vulnerability on password reset page
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2cHYtOTVtai03dzVm
Stored XSS vulnerability on Bounce Management Callback
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyaG0tZng3OC14d2hj
XSS vulnerability on contacts view
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoNXctODJ3aC1qaHI4
XSS vulnerability on asset view
Critical
Ecosystems: packagist
Packages: codeception/codeception
Source: github
Published: over 3 years ago
Codeception: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1NzQtcXYzdy1mY21n
Deserialization of Untrusted Data in codeception/codeception
High
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: github
Published: over 3 years ago
yii2: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxM3Ytcmc2Zi02aHg0
Use of Insufficiently Random Values in yiisoft/yii2-dev
Moderate
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: github
Published: over 3 years ago
yii2: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dnYteDVtcS1oM2pq
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: over 3 years ago
subrion: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4ajYtdjU4ci1jcXYz
Cross Site Scripting in Subrion CMS
High
Ecosystems: npm
Packages: axios
Source: github
Published: over 3 years ago
axios: GSA_kwCzR0hTQS1jcGg1LW04ZjctNmM1eM0VhQ
axios Inefficient Regular Expression Complexity vulnerability
High
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: over 3 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2cnItdjJqMi0yNWZo
Layout XML Arbitrary Code Fix
High
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: over 3 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtOWYtdnhteC00bTU4
Data Flow Sanitation Issue Fix
Critical
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 3 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwdjgtNnhnci1ybWY2
Dolibarr Cross-site Scripting vulnerability
High
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 3 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3NnItdmdmMy1qNnc1
October CMS auth bypass and account takeover
High
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 3 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14cjUtbWM5Ny02M3Jj
Account Takeover in Octobercms
Moderate
Ecosystems: cargo
Packages: model
Source: github
Published: over 3 years ago
model: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxNjQtd3Jmci1xNDhj
Data races in model
High
Ecosystems: cargo
Packages: actix-http
Source: github
Published: over 3 years ago
actix-web: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5MjgtMmZnbS02eDl4
HTTP Request Smuggling in actix-http
Moderate
Ecosystems: cargo
Packages: libpulse-binding
Source: github
Published: over 3 years ago
pulse-binding-rust: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5
Uncaught Exception in libpulse-binding
High
Ecosystems: cargo
Packages: libpulse-binding
Source: github
Published: over 3 years ago
pulse-binding-rust: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdocHEtdmp4dy1jaDV3
Use after free in libpulse-binding
High
Ecosystems: cargo
Packages: model
Source: github
Published: over 3 years ago
model: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14djYtcTk4eC1oOTU4
Data races in model
High
Ecosystems: cargo
Packages: prost-types
Source: github
Published: over 3 years ago
prost: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0cW0tbWNqcS12Mmdm
Overflow in prost-types
Moderate
Ecosystems: cargo
Packages: tokio
Source: github
Published: over 3 years ago
tokio: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJncmgtaG0zdy13N2h2
Race condition in tokio
Moderate
Ecosystems: cargo
Packages: comrak
Source: github
Published: over 3 years ago
comrak: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3ajItZzg3ci1wbTYy
Cross-site Scripting in comrak
Moderate
Ecosystems: cargo
Packages: comrak
Source: github
Published: over 3 years ago
comrak: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtcjctdjcyNS0yampy
Cross site scripting in comrak
High
Ecosystems: cargo
Packages: quinn
Source: github
Published: over 3 years ago
quinn: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZodjQtZngzdi03N3c2
quinn invalidly assumes the memory layout of std::net::SocketAddr
Moderate
Ecosystems: cargo
Packages: mio
Source: github
Published: over 3 years ago
mio: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmM3AteDZxai02ajdx
mio invalidly assumes the memory layout of std::net::SocketAddr
Critical
Ecosystems: cargo
Packages: actix-codec
Source: github
Published: over 3 years ago
actix-net: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxZ3gtaHBnNC00NTZy
Use-after-free in actix-codec
High
Ecosystems: cargo
Packages: actix-http
Source: github
Published: over 3 years ago
actix-web: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzajYteGY3Ny04cjlj
Use-after-free in actix-http
Critical
Ecosystems: cargo
Packages: actix-utils
Source: github
Published: over 3 years ago
actix-net: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzItcHFoZi12bXgy
Use after free in actix-utils
Moderate
Ecosystems: cargo
Packages: actix-service
Source: github
Published: over 3 years ago
actix-net: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoYzctNXAzNS00d3cy
Use after free in actix-service
Critical
Ecosystems: cargo
Packages: rio
Source: github
Published: over 3 years ago
rio: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyYzUtbXI0Zi1tMjQz
Use after free in rio
High
Ecosystems: cargo
Packages: tokio-rustls
Source: github
Published: over 3 years ago
tls: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqZnYtZzNmaC14cTN2
Excessive memory usage in tokio-rustls
High
Ecosystems: cargo
Packages: streebog
Source: github
Published: over 3 years ago
hashes: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d3ItZjRmZi14bTZw
Incorrect implementation in streebog
High
Ecosystems: cargo
Packages: streebog
Source: github
Published: over 3 years ago
hashes: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmOTMtaDc5cS02amp2
Incorrect implementation of the Streebog hash functions in streebog
High
Ecosystems: cargo
Packages: chacha20
Source: github
Published: over 3 years ago
stream-ciphers: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoycjYtMm01Yy12Z2g1
Counter overflow in chacha20
Critical
Ecosystems: cargo
Packages: blake2
Source: github
Published: over 3 years ago
MACs: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Algorithms compute incorrect results in blake2
Moderate
Ecosystems: cargo
Packages: actix-web
Source: github
Published: over 3 years ago
actix-web: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NWotZzZjNy1nM200
Multiple memory safety issues in actix-web
High
Ecosystems: npm
Packages: @asyncapi/java-spring-cloud-stream-template
Source: github
Published: over 3 years ago
java-spring-cloud-stream-template: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqNnItMmpwbS1xdnhw
Code injection issue for java-spring-cloud-stream-template
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 3 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with password
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bc-fips
Source: github
Published: over 3 years ago
bc-csharp: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4eDMtcmc5OS1nYzNw
Timing based private key exposure in Bouncy Castle
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 3 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aGMtYzRxbS02NDdw
Improper Access Control in Dolibarr
Moderate
Ecosystems: packagist
Packages: lavalite/cms
Source: github
Published: over 3 years ago
cms: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyZjMtZjh4NC1tM3c4
Cross Site Scripting in LavaLite CMS
Critical
Ecosystems: nuget
Packages: FastReport.OpenSource
Source: github
Published: over 3 years ago
FastReport: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3MjYtM3ZnOS1jcDM0
Missing Authorization in FastReport
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago
Ghost: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj
Privilege escalation: all users can access Admin-level API keys
High
Ecosystems: nuget
Packages: RestSharp
Source: github
Published: over 3 years ago
RestSharp: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcTctcmN4di00N3Zx
Incorrect Regular Expression in RestSharp
Moderate
Ecosystems: go
Packages: github.com/gofiber/fiber
Source: github
Published: over 3 years ago
fiber: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljeDkteDJncC05cXZo
CRLF vulnerability in Fiber
High
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: github
Published: over 3 years ago
oathkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtNmd4NS1tcXY2
Incorrect Authorization in ORY Oathkeeper
High
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: github
Published: over 3 years ago
oathkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDQtcnBtci14d3Jy
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
Low
Ecosystems: packagist
Packages: croogo/croogo
Source: github
Published: over 3 years ago
croogo: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdmYtcmZtcS1xd2Y4
Cross-site scripting in Croogo
Moderate
Ecosystems: pypi
Packages: urllib3
Source: github
Published: over 3 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxdnEtNW04Yy02ZzI0
CRLF injection in urllib3
Critical
Ecosystems: pypi
Packages: localstack
Source: github
Published: over 3 years ago
localstack: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjYtZjR2cS1teGNo
Command injection in LocalStack
Moderate
Ecosystems: pypi
Packages: wagtail
Source: github
Published: over 3 years ago
wagtail: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmcnctaHhyNS1naHFm
Cross-site Scripting in wagtail
High
Ecosystems: npm
Packages: normalize-url
Source: github
Published: over 3 years ago
normalize-url: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4NGgteGczMi1xOTU1
ReDoS in normalize-url
High
Ecosystems: npm
Packages: trim-newlines
Source: github
Published: over 3 years ago
trim-newlines: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwN2gtNG1tNS04NTJ2
Uncontrolled Resource Consumption in trim-newlines
High
Ecosystems: npm
Packages: glob-parent
Source: github
Published: over 3 years ago
glob-parent: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3MzktOTUzdi13Y3E2
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
High
Ecosystems: pypi
Packages: django-celery-results
Source: github
Published: over 3 years ago
django-celery-results: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eDgtdjUyNC04NTc5
django-celery-results Stores Sensitive Information In Cleartext
High
Ecosystems: packagist
Packages: phanan/koel
Source: github
Published: over 3 years ago
koel: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzN2gtajQ4My1jampt
Improper rate limiting in Koel
High
Ecosystems: pypi
Packages: urllib3
Source: github
Published: over 3 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEycTctNXBwNC13NnBn
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
Moderate
Ecosystems: go
Packages: github.com/ory/hydra
Source: github
Published: over 3 years ago
hydra: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwM2ctdnB3Ni00dzY2
Authentication Bypass in hydra
Critical
Ecosystems: go
Packages: github.com/MichaelMure/git-bug
Source: github
Published: over 3 years ago
git-bug: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy
Arbitrary code execution due to an uncontrolled search path for the git binary
Moderate
Ecosystems: npm
Packages: browserslist
Source: github
Published: over 3 years ago
browserslist: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4cXYtNmp3aC02NHI1
Regular Expression Denial of Service in browserslist
Moderate
Ecosystems: go
Packages: github.com/ory/fosite
Source: github
Published: over 3 years ago
fosite: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmcTMtdzU0Yy1mOXE1
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate
Ecosystems: go
Packages: github.com/ory/fosite
Source: github
Published: over 3 years ago
fosite: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZnAtcTJtbS1oZnA2
Redirect URL matching ignores character casing
High
Ecosystems: go
Packages: github.com/ory/fosite
Source: github
Published: over 3 years ago
fosite: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzcTktMnAzbS03ZzQz
Token reuse in Ory fosite
High
Ecosystems: go
Packages: github.com/ory/fosite
Source: github
Published: over 3 years ago
fosite: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtcXItMnYzcS12Mndt
Ory fosite contains Improper Handling of Exceptional Conditions
Moderate
Ecosystems: npm
Packages: docsify
Source: github
Published: over 3 years ago
docsify: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwcWgtNDZxai12d2N3
Cross-site Scripting in docsify
Moderate
Ecosystems: npm
Packages: mversion
Source: github
Published: over 3 years ago
huntr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtOHAtNGZ4ai1wZ2My
OS Command Injection in mversion
Moderate
Ecosystems: npm
Packages: express-hbs
Source: github
Published: over 3 years ago
express-hbs: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3eHAtaHd3Zi02NTN2
Insecure template handling in express-hbs
Moderate
Ecosystems: maven
Packages: org.openapitools:openapi-generator
Source: github
Published: over 3 years ago
openapi-generator: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxeHIteGYydy05NDN3
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Critical
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: github
Published: over 3 years ago
openapi-generator: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzeDQtbTg0Mi1mbXdm
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
Ecosystems: npm
Packages: strapi
Source: github
Published: over 3 years ago
strapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy
Authorization bypass in Strapi
High
Ecosystems: npm
Packages: simpl-schema
Source: github
Published: over 3 years ago
simpl-schema: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteDItcHJmcC04aHFw
Prototype Pollution in simpl-schema
Moderate
Ecosystems: npm
Packages: postcss
Source: github
Published: over 3 years ago
postcss: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ajktaDVtcC0zcG0z
Regular Expression Denial of Service in postcss
High
Ecosystems: npm
Packages: ua-parser-js
Source: github
Published: over 3 years ago
ua-parser-js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2MngtZmhxZy05cDh2
Regular Expression Denial of Service in ua-parser-js
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 3 years ago
librenms: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OWYtcDU2Zy1nNzV2
SQL Injection in librenms
High
Ecosystems: npm
Packages: aedes
Source: github
Published: over 3 years ago
aedes: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoNzgtNDhoMy1mcmpx
Improper exception handling in Aedes
High
Ecosystems: npm
Packages: ua-parser-js
Source: github
Published: over 3 years ago
ua-parser-js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4Y2otZnhwaC1tODNw
Regular Expression Denial of Service (ReDoS) in ua-parser-js
High
Ecosystems: npm
Packages: exiftool-vendored
Source: github
Published: over 3 years ago
exiftool-vendored.js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3aHEtcjk3OC0yeDY4
Arbitrary code execution in ExifTool
Moderate
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 3 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcjgtNnE3ci1tNHdn
Bypass of fix for CVE-2020-26231, Twig sandbox escape
High
Ecosystems: pypi
Packages: urllib3
Source: github
Published: over 3 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtdjItNzlxOC1mdjZn
Uncontrolled Resource Consumption in urllib3
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk15to18
Source: github
Published: over 3 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczeHYtdzVncC1mcnho
Logic error in Legion of the Bouncy Castle BC Java
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago
Ghost: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn
DOM XSS in Theme Preview
Moderate
Ecosystems: maven
Packages: org.openapitools:openapi-generator-maven-plugin
Source: github
Published: over 3 years ago
openapi-generator: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2N3EtNzdjYy05OG12
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bc-fips, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: over 3 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcybTUtZnZ2di01NW02
Observable Differences in Behavior to Error Inputs in Bouncy Castle
Critical
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: over 3 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cmYtOTQyOC01Mjdt
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Critical
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: over 3 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00OTYteDU2Ny1mOThj
Fixes a bug in Zend Framework's Stream HTTP Wrapper
High
Ecosystems: pypi
Packages: pikepdf
Source: github
Published: over 3 years ago
pikepdf: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjZ20tM3h3NC1oNXA4
Improper Restriction of XML External Entity Reference in pikepdf
High
Ecosystems: pypi
Packages: wagtail
Source: github
Published: over 3 years ago
wagtail: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNWgtZjlwNS1xN2Z4
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: over 3 years ago
grav: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cjQtcDk2ai14Znhj
Grav's Twig processing allowing dangerous PHP functions by default
Moderate
Ecosystems: npm
Packages: vis-timeline
Source: github
Published: over 3 years ago
vis-timeline: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnYtNDU2di1wZjIy
Cross-site Scripting in vis-timeline
High
Ecosystems: pypi
Packages: webargs
Source: github
Published: over 3 years ago
webargs: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcTMtNXB4dy00d2o0
Cross-Site Request Forgery in Webargs
High
Ecosystems: pypi
Packages: proxy.py
Source: github
Published: over 3 years ago
proxy.py: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtYzctbWZtci14cXJ4
Logic error in authentication in proxy.py
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: over 3 years ago
phpseclib: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmNHctZmc3ci01djk0
Improper Certificate Validation in phpseclib
Critical
Ecosystems: pypi
Packages: clickhouse-driver
Source: github
Published: over 3 years ago
clickhouse-driver: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZndjUtY3h2aC12Znho
Arbitrary code execution in clickhouse-driver
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 3 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRoanEtNDIycS00dnB4
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
Ecosystems: packagist
Packages: pressbooks/pressbooks
Source: github
Published: over 3 years ago
pressbooks: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
Moderate
Ecosystems: pypi
Packages: omero-web
Source: github
Published: over 3 years ago
omero-web: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0cmYtcGMyNi02aG1y
OMERO webclient does not validate URL redirects on login or switching group.