Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
Moderate
Ecosystems: packagist
Packages: dcat/laravel-admin
Source: github
Published: 9 months ago
dcat-admin: GSA_kwCzR0hTQS1tcjI0LWNmNjktNWNocc4AA6SW
dcat-admin Cross Site Scripting vulnerability
Moderate
Ecosystems: npm
Packages: express
Source: github
Published: 9 months ago
express: GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd
Express.js Open Redirect in malformed URLs
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: 9 months ago
KaTeX: GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: 9 months ago
KaTeX: GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filename
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: 9 months ago
KaTeX: GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Moderate
Ecosystems: npm
Packages: katex
Source: github
Published: 9 months ago
KaTeX: GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY
KaTeX's maxExpand bypassed by `\edef`
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 9 months ago
grav: GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 9 months ago
grav: GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 9 months ago
grav: GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 9 months ago
grav: GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 9 months ago
grav: GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
Grav File Upload Path Traversal
Moderate
Ecosystems: npm
Packages: vvvebJs
Source: github
Published: 9 months ago
VvvebJs: GSA_kwCzR0hTQS1wbW0zLTY4cTktNTdqZ84AA6OK
VvvebJs Arbitrary File Upload vulnerability
Moderate
Ecosystems: npm
Packages: vvvebjs
Source: github
Published: 9 months ago
VvvebJs: GSA_kwCzR0hTQS1wYzk1LTN3Z20teDI4cM4AA6OJ
VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability
High
Ecosystems: npm
Packages: webpack-dev-middleware
Source: github
Published: 9 months ago
webpack-dev-middleware: GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc
Path traversal in webpack-dev-middleware
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 9 months ago
parse-server: GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
High
Ecosystems: pypi
Packages: astropy
Source: github
Published: 9 months ago
astropy: GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
High
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: github
Published: 10 months ago
raspap-webgui: GSA_kwCzR0hTQS12YzlmLW1neHItaDMycs4AA53D
raspap-webgui vulnerable to denial of service
Moderate
Ecosystems: npm
Packages: rsshub
Source: github
Published: 10 months ago
RSSHub: GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request Forgery
Moderate
Ecosystems: npm
Packages: rsshub
Source: github
Published: 10 months ago
RSSHub: GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Critical
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: 10 months ago
grav: GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
High
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: github
Published: 10 months ago
ImageSharp: GSA_kwCzR0hTQS02NXg3LWMyNzItN2c3cs4AA5xd
Use After Free in SixLabors.ImageSharp
High
Ecosystems: cargo
Packages: mio
Source: github
Published: 10 months ago
mio: GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 10 months ago
phpseclib: GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
High
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: github
Published: 10 months ago
phpseclib: GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Critical
Ecosystems: npm
Packages: parse-server
Source: github
Published: 10 months ago
parse-server: GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Moderate
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: 10 months ago
bagisto: GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Moderate
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: github
Published: 10 months ago
livehelperchat: GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Moderate
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: 10 months ago
magento-lts: GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: 10 months ago
subrion: GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Withdrawn Advisory: Subrion CMS vulnerable to SQL Injection
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: github
Published: 10 months ago
fiber: GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Moderate
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: github
Published: 10 months ago
decidim: GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Moderate
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: github
Published: 10 months ago
decidim: GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Moderate
Ecosystems: rubygems
Packages: decidim-templates
Source: github
Published: 10 months ago
decidim: GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Low
Ecosystems: rubygems
Packages: decidim
Source: github
Published: 10 months ago
decidim: GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Low
Ecosystems: npm
Packages: undici
Source: github
Published: 10 months ago
undici: GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Moderate
Ecosystems: npm
Packages: undici
Source: github
Published: 10 months ago
undici: GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undici
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: github
Published: 10 months ago
caddy-security: GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Critical
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: github
Published: 10 months ago
pixelfed: GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: 10 months ago
Ghost: GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Moderate
Ecosystems: pypi
Packages: nonebot2
Source: github
Published: 11 months ago
nonebot2: GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
High
Ecosystems: npm
Packages: yarn
Source: github
Published: 11 months ago
yarn: GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
Moderate
Ecosystems: cargo
Packages: libpulse-binding
Source: github
Published: 11 months ago
pulse-binding-rust: GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: github
Published: 11 months ago
lobe-chat: GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to plugins
Moderate
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: github
Published: 11 months ago
goreleaser: GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
High
Ecosystems: npm
Packages: @urql/next
Source: github
Published: 11 months ago
urql: GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483
@urql/next Cross-site Scripting vulnerability
High
Ecosystems: cargo
Packages: lemmy_server
Source: github
Published: 11 months ago
lemmy: GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
High
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: github
Published: 11 months ago
kit: GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: 11 months ago
Ghost: GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in Ghost
High
Ecosystems: npm
Packages: vite
Source: github
Published: 11 months ago
vite: GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Moderate
Ecosystems: cargo
Packages: tracing
Source: github
Published: 11 months ago
tracing: GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Moderate
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: 11 months ago
bagisto: GSA_kwCzR0hTQS1jOTYyLWc1MzMtODIzZs4AA4gW
Cross-site Scripting in Bagisto
High
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: 11 months ago
evershop: GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
Critical
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: 11 months ago
evershop: GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
High
Ecosystems: pypi
Packages: fonttools
Source: github
Published: 12 months ago
fonttools: GSA_kwCzR0hTQS02NjczLTQ5ODMtMnZ4Nc4AA4Sn
fonttools XML External Entity Injection (XXE) Vulnerability
Low
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: github
Published: 12 months ago
framework: GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
High
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: github
Published: 12 months ago
verify-changed-files: GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
High
Ecosystems: actions
Packages: tj-actions/changed-files
Source: github
Published: 12 months ago
changed-files: GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Low
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: github
Published: 12 months ago
winter: GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Low
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: github
Published: 12 months ago
winter: GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Low
Ecosystems: packagist
Packages: winter/wn-system-module
Source: github
Published: 12 months ago
winter: GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Moderate
Ecosystems: rubygems
Packages: activeadmin
Source: github
Published: 12 months ago
activeadmin: GSA_kwCzR0hTQS14aHZ2LTNqd3ctYzQ4N84AA4D6
ActiveAdmin CSV Injection leading to sensitive information disclosure
High
Ecosystems: rubygems
Packages: activeadmin
Source: github
Published: 12 months ago
activeadmin: GSA_kwCzR0hTQS1ycXhjLTlwOGgteHFncc4AA4Ap
Duplicate Advisory: ActiveAdmin vulnerable to CSV injection
Moderate
Ecosystems: maven
Packages: org.grails:grails-databinding
Source: github
Published: about 1 year ago
grails-core: GSA_kwCzR0hTQS0zcGp2LXI3dzQtMmNmNc4AA38i
Grails data binding causes JVM crash and/or other denial of service
High
Ecosystems: maven
Packages: edu.gemini:gsp-graphql-core_native0.4_3, edu.gemini:gsp-graphql-core_native0.4_2.13, edu.gemini:gsp-graphql-core_sjs1_3, edu.gemini:gsp-graphql-core_sjs1_2.13, edu.gemini:gsp-graphql-core_3, edu.gemini:gsp-graphql-core_2.13, org.typelevel:grackle-core_native0.4_3, org.typelevel:grackle-core_native0.4_2.13, org.typelevel:grackle-core_sjs1_3, org.typelevel:grackle-core_sjs1_2.13, org.typelevel:grackle-core_3, org.typelevel:grackle-core_2.13
Source: github
Published: about 1 year ago
grackle: GSA_kwCzR0hTQS1nNTZ4LTdqNnctZzhyOM4AA34j
Grackle has StackOverflowError in GraphQL query processing
Low
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: github
Published: about 1 year ago
yii2-authclient: GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Moderate
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: github
Published: about 1 year ago
yii2-authclient: GSA_kwCzR0hTQS1ydzU0LTY4MjYtYzhqNc4AA34O
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
High
Ecosystems: rubygems
Packages: activeadmin
Source: github
Published: about 1 year ago
activeadmin: GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 1 year ago
microweber: GSA_kwCzR0hTQS1xamZ4LWZ2eDctM3d2d84AA3yi
Business Logic Errors in microweber/microweber
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: github
Published: about 1 year ago
uptime-kuma: GSA_kwCzR0hTQS04OGo0LXBjeDgtcTRxM84AA3q_
Password Change Vulnerability
High
Ecosystems: npm
Packages: @koa/cors
Source: github
Published: about 1 year ago
cors: GSA_kwCzR0hTQS1xeHJqLWh4MjMteHA4Ms4AA3qz
Overly permissive origin policy
Moderate
Ecosystems: packagist
Packages: mediawiki/semantic-media-wiki
Source: github
Published: about 1 year ago
SemanticMediaWiki: GSA_kwCzR0hTQS1oajRjLXZmYzQtNWY5Y84AA3qO
Cross-site Scripting in Semantic MediaWiki
Critical
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershop
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS00d3JtLXFtcTItNWZqeM4AA3pc
Directory Traversal in evershop
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS03NDQzLTU5NjItd3A0cs4AA3pf
Directory Traversal in evershop
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS0yeGNqLTU1N2MtaGY4cs4AA3pd
Cross-site Scripting in evershop
High
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershop
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS1namo4LW04M2MtcXY5aM4AA3pY
Cross-site Scripting in evershop
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: github
Published: about 1 year ago
evershop: GSA_kwCzR0hTQS1tNnZtLWZmOXYtanAzcs4AA3pZ
Cross Site Scripting in evershop
Low
Ecosystems: pypi
Packages: dbt-core
Source: github
Published: about 1 year ago
dbt-core: GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintext
High
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: about 1 year ago
magento-lts: GSA_kwCzR0hTQS05ajV3LTJjcWMtY3dqOc4AA3oh
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 1 year ago
microweber: GSA_kwCzR0hTQS1wOHE2LXFyZ2otN2d4Ms4AA3oa
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Low
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 1 year ago
microweber: GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 1 year ago
microweber: GSA_kwCzR0hTQS0zcnB4LXBnbWYtajk2aM4AA3mF
Microweber Business Logic Errors
Moderate
Ecosystems: npm
Packages: vite
Source: github
Published: about 1 year ago
vite: GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Critical
Ecosystems: actions
Packages: tj-actions/branch-names
Source: github
Published: about 1 year ago
branch-names: GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Moderate
Ecosystems: npm
Packages: electron
Source: github
Published: about 1 year ago
electron: GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Moderate
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
october: GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Critical
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
october: GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Moderate
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
october: GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Moderate
Ecosystems: cargo
Packages: rsa
Source: github
Published: about 1 year ago
RSA: GSA_kwCzR0hTQS1jMzh3LTc0cGctMzZocs4AA3Z_
Marvin Attack: potential key recovery through timing sidechannels
Moderate
Ecosystems: cargo
Packages: rsa
Source: github
Published: about 1 year ago
RSA: GSA_kwCzR0hTQS00Z3J4LTJ4OXctNTk2Y84AA3Z-
Marvin Attack: potential key recovery through timing sidechannels