Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
Moderate
Ecosystems: maven
Packages: org.apereo.cas:cas-server-support-x509-core
Source: github
Published: 5 months ago
cas: GSA_kwCzR0hTQS1wNzhoLW04cHYtZzlnbc4AA-Yj
Apereo CAS vulnerable to credential leaks for LDAP authentication
Moderate
Ecosystems: npm
Packages: @editorjs/editorjs
Source: github
Published: 5 months ago
editor.js: GSA_kwCzR0hTQS02bXZqLTI1NjktM21jbc4AA-Yi
Editor.js vulnerable to Code Injection
Critical
Ecosystems: npm
Packages: nuxt
Source: github
Published: 5 months ago
nuxt: GSA_kwCzR0hTQS12Nzg0LWZqamgtZjhyNM4AA-Ye
Nuxt vulnerable to remote code execution via the browser when running the test locally
Moderate
Ecosystems: npm
Packages: nuxt
Source: github
Published: 5 months ago
nuxt: GSA_kwCzR0hTQS12ZjZyLTg3cTQtMnZqZs4AA-Yd
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
High
Ecosystems: npm
Packages: @nuxt/devtools
Source: github
Published: 5 months ago
nuxt: GSA_kwCzR0hTQS1yY3ZnLXJnZjctcHBwds4AA-Yc
Nuxt Devtools has a Path Traversal: '../filedir'
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 5 months ago
microweber: GSA_kwCzR0hTQS1oZjY2LXhmZ2otNDJnOM4AA-YZ
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: 5 months ago
microweber: GSA_kwCzR0hTQS1oNHhmLXd4OTktam12NM4AA-Yb
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 5 months ago
casdoor: GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
High
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 5 months ago
filestash: GSA_kwCzR0hTQS00am1tLWM2anctZzc5Ns4AA-TP
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: github
Published: 5 months ago
filestash: GSA_kwCzR0hTQS1tcHZ4LXdocHAtOTl4as4AA-TO
Filestash skips TLS certificate verification process when sending out email verification codes
Critical
Ecosystems: go
Packages: github.com/prest/prest
Source: github
Published: 5 months ago
prest: GSA_kwCzR0hTQS13bTI1LWo0Z3ctNnZyM84AA-Q9
pREST vulnerable to jwt bypass + sql injection
High
Ecosystems: maven
Packages: com.graphql-java:graphql-java
Source: github
Published: 5 months ago
graphql-java: GSA_kwCzR0hTQS1oOW1xLWY2cTUtNmM4bc4AA-Pa
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
High
Ecosystems: npm
Packages: fast-xml-parser
Source: github
Published: 5 months ago
fast-xml-parser: GSA_kwCzR0hTQS1tcGc0LXJjOTItdng4ds4AA-Mb
fast-xml-parser vulnerable to ReDOS at currency parsing
Moderate
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: 5 months ago
magento-lts: GSA_kwCzR0hTQS01dnJwLTYzOHctcDhtMs4AA-MY
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Critical
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: github
Published: 5 months ago
raspap-webgui: GSA_kwCzR0hTQS1xNjIzLTJqMmotMjNqas4AA-Kn
RaspAP allows an attacker to escalate privileges
High
Ecosystems: cargo
Packages: starship
Source: github
Published: 5 months ago
starship: GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Moderate
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 5 months ago
ImageSharp: GSA_kwCzR0hTQS1xeHJ2LWdwNngtcmMyM84AA-FP
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
High
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 5 months ago
ImageSharp: GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Moderate
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: 5 months ago
backdrop: GSA_kwCzR0hTQS0zd214LTQ4ZzMteDY2Z84AA-Ds
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
High
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 5 months ago
woodpecker: GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Moderate
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: github
Published: 5 months ago
woodpecker: GSA_kwCzR0hTQS0zd2YyLTJwcTQtNHJ2Y84AA-Ay
Woodpecker's custom environment variables allow to alter execution flow of plugins
Low
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: 5 months ago
dbt-core: GSA_kwCzR0hTQS1wM2YzLTVjY2ctODN4cc4AA9-z
dbt has an implicit override for built-in materializations from installed packages
Critical
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: github
Published: 5 months ago
torrentpier: GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
High
Ecosystems: pypi
Packages: wagtail
Source: github
Published: 5 months ago
wagtail: GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Moderate
Ecosystems: rubygems
Packages: decidim-admin
Source: github
Published: 5 months ago
decidim: GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Moderate
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 5 months ago
decidim: GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Moderate
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 5 months ago
decidim: GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
High
Ecosystems: npm
Packages: @discordjs/opus
Source: github
Published: 5 months ago
opus: GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 5 months ago
undici: GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Moderate
Ecosystems: rubygems
Packages: rails_admin
Source: github
Published: 6 months ago
rails_admin: GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Low
Ecosystems: pypi
Packages: Weblate
Source: github
Published: 6 months ago
weblate: GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: github
Published: 6 months ago
fiber: GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 6 months ago
parse-server: GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 6 months ago
phpseclib: GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Low
Ecosystems: packagist
Packages: october/system
Source: github
Published: 6 months ago
october: GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Low
Ecosystems: packagist
Packages: october/system
Source: github
Published: 6 months ago
october: GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Moderate
Ecosystems: npm
Packages: socket.io
Source: github
Published: 6 months ago
socket.io: GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 6 months ago
lobe-chat: GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Moderate
Ecosystems: pypi
Packages: urllib3
Source: github
Published: 6 months ago
urllib3: GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: github
Published: 6 months ago
strapi: GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Moderate
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: github
Published: 6 months ago
strapi: GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Low
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: github
Published: 6 months ago
strapi: GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Moderate
Ecosystems: packagist
Packages: ua-parser/uap-php
Source: github
Published: 7 months ago
uap-core: GSA_kwCzR0hTQS03OGhtLTVoanctNThtaM4AA80N
ua-parser/uap-php ReDoS vulnerability
Moderate
Ecosystems: pypi
Packages: scikit-learn
Source: github
Published: 7 months ago
scikit-learn: GSA_kwCzR0hTQS1qdzh4LTY0OTUtMjMzds4AA8xU
scikit-learn sensitive data leakage vulnerability
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: 7 months ago
dolibarr: GSA_kwCzR0hTQS1odjJqLTY2NTQteDc0cc4AA8qI
Reflected Cross-Site Scripting (XSS) in Dolibarr
High
Ecosystems: rubygems
Packages: activeadmin
Source: github
Published: 7 months ago
activeadmin: GSA_kwCzR0hTQS05bWc2LXg0NXYtaGNmbc4AA8mX
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
High
Ecosystems: packagist
Packages: yiisoft/yii2
Source: github
Published: 7 months ago
yii2: GSA_kwCzR0hTQS1jamNjLXA2N20tN3F4bc4AA8mV
Unsafe Reflection in base Component class in yiisoft/yii2
Moderate
Ecosystems: pypi
Packages: wagtail
Source: github
Published: 7 months ago
wagtail: GSA_kwCzR0hTQS14eGZtLXZtY2YtZzMzZs4AA8mP
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
Moderate
Ecosystems: packagist
Packages: yiisoft/yii2
Source: github
Published: 7 months ago
yii2: GSA_kwCzR0hTQS1xZzVyLTk1bTQtbWpnas4AA8mM
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
Moderate
Ecosystems: npm
Packages: @wangeditor/editor
Source: github
Published: 7 months ago
wangEditor: GSA_kwCzR0hTQS05aGZ3LWN2ZjQtNXgyNc4AA8lJ
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
Moderate
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: 7 months ago
dbt-core: GSA_kwCzR0hTQS1wbXJ4LTY5NXItNDM0Oc4AA8jH
dbt allows Binding to an Unrestricted IP Address via socketsocket
High
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: github
Published: 7 months ago
openapi-generator: GSA_kwCzR0hTQS1nM2hyLXA4NnAtNTkzaM4AA8i5
OpenAPI Generator Online - Arbitrary File Read/Delete
Moderate
Ecosystems: npm
Packages: pug, pug-code-gen
Source: github
Published: 7 months ago
pug: GSA_kwCzR0hTQS0zOTY1LWhweDItcTU5N84AA8iR
Pug allows JavaScript code execution if an application accepts untrusted input
Moderate
Ecosystems: cargo
Packages: tauri
Source: github
Published: 7 months ago
tauri: GSA_kwCzR0hTQS01N2ZtLTU5Mm0tMzRyN84AA8he
iFrames Bypass Origin Checks for Tauri API Access Control
Moderate
Ecosystems: pypi
Packages: omero-web
Source: github
Published: 7 months ago
omero-web: GSA_kwCzR0hTQS12cjg1LTVwd3gtYzZncc4AA8W0
OMERO.web must check that the JSONP callback is a valid function
High
Ecosystems: packagist
Packages: doctrine/orm
Source: github
Published: 7 months ago
orm: GSA_kwCzR0hTQS12anJnLXdwbTgtcmhyd84AA8HA
doctrine/orm Regression in Query Parenthesis can have Security Implications
Moderate
Ecosystems: packagist
Packages: doctrine/doctrine-module
Source: github
Published: 7 months ago
DoctrineModule: GSA_kwCzR0hTQS05d3Y4LTNoOGgteDJ3Y84AA8G9
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Critical
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 7 months ago
mautic: GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Moderate
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: github
Published: 7 months ago
goreleaser: GSA_kwCzR0hTQS1mNm1tLTVmYzctM2czY84AA8GD
goreleaser shows environment by default
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 7 months ago
grav: GSA_kwCzR0hTQS1mOHY1LWptZmgtcHI2Oc4AA8GC
Grav Vulnerable to Arbitrary File Read to Account Takeover
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: github
Published: 7 months ago
bc-csharp: GSA_kwCzR0hTQS1tNDRqLWNmcm0tZzhxY84AA76G
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on, org.bouncycastle:bctls-fips
Source: github
Published: 7 months ago
bc-csharp: GSA_kwCzR0hTQS12NDM1LXhjOHgtd3ZyOc4AA76H
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bc-fips, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: github
Published: 7 months ago
bc-csharp: GSA_kwCzR0hTQS04eGZjLWdtNmctdmdwds4AA75b
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Critical
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 7 months ago
lobe-chat: GSA_kwCzR0hTQS1teGhxLXh3M2ctcnBoY84AA74V
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Low
Ecosystems: npm
Packages: thelounge
Source: github
Published: 8 months ago
thelounge: GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose of all usernames/idents via port 113
High
Ecosystems: npm
Packages: react-pdf
Source: github
Published: 8 months ago
pdf.js: GSA_kwCzR0hTQS04N2hxLXE0Z3AtOXdyNM4AA70i
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
Ecosystems: npm
Packages: pdfjs-dist
Source: github
Published: 8 months ago
pdf.js: GSA_kwCzR0hTQS13Z3JtLTY3eGYtaGhwcc4AA7z7
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
High
Ecosystems: pypi
Packages: starlite, litestar
Source: github
Published: 8 months ago
litestar: GSA_kwCzR0hTQS04M3B2LXFyMzMtMnZjZs4AA7xv
Litestar and Starlite vulnerable to Path Traversal
Moderate
Ecosystems: packagist
Packages: topthink/framework
Source: github
Published: 8 months ago
framework: GSA_kwCzR0hTQS05NjlmLXY3anYtcGdqM84AA7wL
ThinkPHP Cross-Site Scripting Vulnerability
Low
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: github
Published: 8 months ago
bc-java: GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Low
Ecosystems: pypi
Packages: wagtail
Source: github
Published: 8 months ago
wagtail: GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
High
Ecosystems: npm
Packages: uptime-kuma
Source: github
Published: 8 months ago
uptime-kuma: GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: github
Published: 8 months ago
uptime-kuma: GSA_kwCzR0hTQS12cjh4LTc0cG0tNnZqN84AA7cq
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Critical
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: github
Published: 8 months ago
gitea: GSA_kwCzR0hTQS1yN2g3LWNoaDQtNXJ2bc4AA7Sn
Improper Access Control in Gitea
High
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: github
Published: 8 months ago
gitea: GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in gitea
Moderate
Ecosystems: pypi
Packages: social-auth-app-django
Source: github
Published: 8 months ago
social-app-django: GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
High
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: 8 months ago
dbt-core: GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
High
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: 8 months ago
gitea: GSA_kwCzR0hTQS0zaDZjLWM0NzUtam03ds4AA7PT
Arbitrary Code Execution in Gitea
High
Ecosystems: npm
Packages: @hoppscotch/cli
Source: github
Published: 8 months ago
hoppscotch: GSA_kwCzR0hTQS1xbW1tLTczcjItZjh4cs4AA7PR
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 8 months ago
librenms: GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 8 months ago
librenms: GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: 8 months ago
librenms: GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Low
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: github
Published: 8 months ago
authelia: GSA_kwCzR0hTQS14ODgzLTJ2bWcteHdmN84AA7PJ
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
Ecosystems: npm
Packages: uptime-kuma
Source: github
Published: 8 months ago
uptime-kuma: GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: 8 months ago
dolibarr: GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Moderate
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: github
Published: 8 months ago
excalidraw: GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Moderate
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 8 months ago
ImageSharp: GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Moderate
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 8 months ago
ImageSharp: GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
High
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: github
Published: 8 months ago
wn-dusk-plugin: GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
Ecosystems: packagist
Packages: timber/timber
Source: github
Published: 8 months ago
timber: GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: 8 months ago
mautic: GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 9 months ago
undici: GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 9 months ago
undici: GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: 9 months ago
vite: GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1
Vite's `server.fs.deny` did not deny requests for patterns with directories.
High
Ecosystems: npm
Packages: @electron/packager
Source: github
Published: 9 months ago
packager: GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executable