Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

High
memos: GSA_kwCzR0hTQS12d2c0LTg0NngtZjk0ds4AAwkW
usememos/memos vulnerable to improper authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: about 2 years ago
High
cpython: GSA_kwCzR0hTQS12M2M1LWpxcjYtN3FtOM4AAwjq
Python Charmers Future denial of service vulnerability
Ecosystems: pypi
Packages: future
Source: github
Published: about 2 years ago
Moderate
tauri: GSA_kwCzR0hTQS02bXYzLXdtN2otaDR3Nc4AAwgz
Tauri Filesystem Scope Glob Pattern is too Permissive
Ecosystems: cargo
Packages: tauri
Source: github
Published: about 2 years ago
Moderate
liquidjs: GSA_kwCzR0hTQS00NXJtLTI4OTMtNWY0Oc4AAwgi
liquidjs may leak properties of a prototype
Ecosystems: npm
Packages: liquidjs
Source: github
Published: about 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS05Y21tLTUyY3YtNmh2Y84AAwgb
Microweber vulnerable to Stored Cross-Site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS0zbW1oLXZxOXctNGMzZ84AAwdo
Microweber vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 2 years ago
High
patchelf: GSA_kwCzR0hTQS01cGNqLTNtMjYtdzYzM84AAwbh
Patchelf out-of-bounds read
Ecosystems: pypi
Packages: patchelf
Source: github
Published: about 2 years ago
Moderate
memos: GSA_kwCzR0hTQS1yZ2o1LWpqNXEtdjN2N84AAwZz
Memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: github
Published: about 2 years ago
High
loofah: GSA_kwCzR0hTQS0zeDhyLXg2eHAtcTR2bc4AAwSe
Uncontrolled Recursion in Loofah
Ecosystems: rubygems
Packages: loofah
Source: github
Published: about 2 years ago
Moderate
loofah: GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: github
Published: about 2 years ago
High
loofah: GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
Ecosystems: rubygems
Packages: loofah
Source: github
Published: about 2 years ago
High
casdoor: GSA_kwCzR0hTQS1mOTNmLTU1YzItOGM4Oc4AAwL_
Casdoor arbitrary file deletion vulnerability via uploadFile function
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 years ago
High
framework: GSA_kwCzR0hTQS01OWZoLXJqcTMteHE3as4AAwLl
Thinkphp has a code logic error
Ecosystems: packagist
Packages: topthink/framework
Source: github
Published: about 2 years ago
Critical
ff4j: GSA_kwCzR0hTQS02NWhqLTlwcHctNzd4Y84AAwGQ
ff4j is vulnerable to Remote Code Execution (RCE)
Ecosystems: maven
Packages: org.ff4j:ff4j-core
Source: github
Published: about 2 years ago
Critical
owncast: GSA_kwCzR0hTQS1jdmg0LWNqYzktODRxbc4AAwFH
owncast is vulnerable to SQL Injection
Ecosystems: go
Packages: github.com/owncast/owncast
Source: github
Published: about 2 years ago
High
Ghost: GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: github
Published: about 2 years ago
Critical
badaso: GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: github
Published: about 2 years ago
Critical
electron: GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: github
Published: about 2 years ago
Critical
wger: GSA_kwCzR0hTQS1ncjU4LTc2cnAtbW1nNM4AAwCL
wger vulnerable to brute force attempts
Ecosystems: pypi
Packages: wger
Source: github
Published: about 2 years ago
Moderate
backdrop: GSA_kwCzR0hTQS01OHJqLXcycWYtcWpnN84AAwBE
Cross-site Scripting in Backdrop CMS
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: about 2 years ago
Moderate
backdrop: GSA_kwCzR0hTQS12Y3ZnLWc4cDItM2hxcs4AAwAd
Cross-site Scripting in Backdrop CMS
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: about 2 years ago
High
microweber: GSA_kwCzR0hTQS1ycDdmLWZobTgtOWhwZs4AAwAJ
Account Takeover Through Password Reset Poisoning
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: about 2 years ago
Moderate
backdrop: GSA_kwCzR0hTQS1nOWNwLTlmdzMtNTZjZs4AAwAW
Cross-site Scripting in Backdrop CMS
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: about 2 years ago
Critical
framework: GSA_kwCzR0hTQS03eDR3LWo5OHAtODU0eM4AAv_a
Cross site scripting vulnerability with discussion titles
Ecosystems: packagist
Packages: flarum/core
Source: github
Published: about 2 years ago
High
yii: GSA_kwCzR0hTQS00NDJmLXdjd3EtZnBjZs4AAv_K
Prevent RCE when deserializing untrusted user input
Ecosystems: packagist
Packages: yiisoft/yii
Source: github
Published: about 2 years ago
Moderate
fastify: GSA_kwCzR0hTQS0zZmpqLXA3OWotYzloaM4AAv_I
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Ecosystems: npm
Packages: fastify
Source: github
Published: about 2 years ago
Moderate
backdrop: GSA_kwCzR0hTQS1nOGp3LTh2cHYtcHY1cc4AAv-3
Cross-site Scripting in Backdrop CMS
Ecosystems: packagist
Packages: backdrop/backdrop
Source: github
Published: about 2 years ago
Moderate
bc-java: GSA_kwCzR0hTQS02OG04LXY4OWotN2oycM4AAv98
Garbage collection issue in BC-FJA in Java 13 and later
Ecosystems: maven
Packages: org.bouncycastle:bc-fips
Source: github
Published: about 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS1yNGdxLWh2MnItbXJmNc4AAv9c
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
High
librenms: GSA_kwCzR0hTQS1mM2h3LTNoNzQtd3I5OM4AAv9Y
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS01aDc3LTQyNDUtcGc1cM4AAv9d
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
High
librenms: GSA_kwCzR0hTQS1jdjlnLWg4bW0teHg1aM4AAv9a
Deserialization of Untrusted Data in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS1xY2g0LWptZjgteHZwN84AAv9Z
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS0yNjR3LWd3OWctZmhnas4AAv9b
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS1wNTVtLWc0bTMtcW1ycM4AAv9X
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Critical
librenms: GSA_kwCzR0hTQS14OTNqLTNoaDMtNngyM84AAv9W
Insufficient Session Expiration in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: about 2 years ago
Critical
dolibarr: GSA_kwCzR0hTQS1naDdtLWo2NzMtd205N84AAv7L
Dolibarr vulnerable to privilege escalation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: about 2 years ago
Moderate
deeplearning4j: GSA_kwCzR0hTQS1yYzM5LWc5NzctNjg3d84AAv0X
Use of unclaimed s3 bucket in tests and examples
Ecosystems: maven
Packages: org.deeplearning4j:dl4j-examples, org.deeplearning4j:platform-tests
Source: github
Published: about 2 years ago
High
redwood: GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Ecosystems: npm
Packages: @redwoodjs/api
Source: github
Published: about 2 years ago
High
parse-server: GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Moderate
electron: GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: github
Published: about 2 years ago
High
parse-server: GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Moderate
subrion: GSA_kwCzR0hTQS1qcnZyLWdtcXYtaGdyaM4AAvxg
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: about 2 years ago
Moderate
subrion: GSA_kwCzR0hTQS0zd21nLTI4djktOGhmNs4AAvxf
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: about 2 years ago
Low
tauri: GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: github
Published: about 2 years ago
Critical
parse-server: GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
High
winter: GSA_kwCzR0hTQS0zZmg1LXE2ZmctdzI4cc4AAvj1
Prototype pollution in Snowboard framework
Ecosystems: packagist
Packages: wintercms/winter
Source: github
Published: about 2 years ago
Critical
badaso: GSA_kwCzR0hTQS1md3ZjLTl4aGotMjZ2Nc4AAvi3
Badaso vulnerable to Remote Code Execution via malicious file upload
Ecosystems: packagist
Packages: badaso/core
Source: github
Published: about 2 years ago
Critical
pikepdf: GSA_kwCzR0hTQS14NThqLWo1Mzktdzhtds4AAvg1
Duplicate Advisory: Improper Restriction of XML External Entity Reference in pikepdf
Ecosystems: pypi
Packages: pikepdf
Source: github
Published: about 2 years ago
High
parse-server: GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte range
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 2 years ago
Critical
gitea: GSA_kwCzR0hTQS13OHh3LTdjcmYtaDIzeM4AAvXZ
Gitea vulnerable to Argument Injection
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: github
Published: about 2 years ago
High
loader-utils: GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Ecosystems: npm
Packages: loader-utils
Source: github
Published: about 2 years ago
High
october: GSA_kwCzR0hTQS14NHE3LW02ZnAtNHY5ds4AAvUA
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 2 years ago
Critical
loader-utils: GSA_kwCzR0hTQS03NnAzLThqeDMtanBmcc4AAvTd
Prototype pollution in webpack loader-utils
Ecosystems: npm
Packages: loader-utils
Source: github
Published: about 2 years ago
High
loader-utils: GSA_kwCzR0hTQS1oaHEzLWZmNzgtanYzZ84AAvRq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: loader-utils
Source: github
Published: about 2 years ago
High
fastify: GSA_kwCzR0hTQS00NTV3LWM0NXYtODZyZ84AAvO9
fastify vulnerable to denial of service via malicious Content-Type
Ecosystems: npm
Packages: fastify
Source: github
Published: about 2 years ago
High
generator-jhipster: GSA_kwCzR0hTQS04dzd3LTY3bXctcjVwN84AAvLq
generator-jhipster vulnerable to login check Regular Expression Denial of Service
Ecosystems: npm
Packages: generator-jhipster
Source: github
Published: about 2 years ago
Moderate
next-auth: GSA_kwCzR0hTQS00cnhyLTI3bW0tbXhxOc4AAvIm
Upstash Adapter missing token verification
Ecosystems: npm
Packages: @next-auth/upstash-redis-adapter
Source: github
Published: over 2 years ago
High
hoek: GSA_kwCzR0hTQS1jNDI5LTVwN3YtdmdqcM4AAvB6
hoek subject to prototype pollution via the clone function.
Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: github
Published: over 2 years ago
Low
parse-server: GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
Moderate
parse-server: GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is known
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
Moderate
commonmarker: GSA_kwCzR0hTQS00cXc0LWpwcDQtOGd2cM4AAu97
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: github
Published: over 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h
Microweber Cross-site Scripting can result in redirection to a malicious site
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS1nbThjLXc5Y20tYzQ0Nc4AAu9c
Microweber vulnerable to HTML Injection in create tag functionality
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
Moderate
vuetify: GSA_kwCzR0hTQS1xNHE1LWM1Y3YtMnA2OM4AAu6M
Vuetify Cross-site Scripting vulnerability
Ecosystems: maven, npm
Packages: org.webjars.npm:vuetify, vuetify
Source: github
Published: over 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS0zamgyLXdtdjctbTkzMs4AAu6F
LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
High
parse-server: GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
Moderate
tauri: GSA_kwCzR0hTQS0yOG04LTlqN3YteDQ5Oc4AAu1w
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Ecosystems: cargo
Packages: tauri
Source: github
Published: over 2 years ago
Moderate
http: GSA_kwCzR0hTQS13M3c5LXZyZjUtOG14OM4AAu1p
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Ecosystems: packagist
Packages: react/http
Source: github
Published: over 2 years ago
Critical
framework: GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: github
Published: over 2 years ago
High
axum: GSA_kwCzR0hTQS1tNzdmLTY1MnEtd3dwNM4AAuzu
axum-core has no default limit put on request bodies
Ecosystems: cargo
Packages: axum-core
Source: github
Published: over 2 years ago
High
graphql-java: GSA_kwCzR0hTQS12NjJqLWN4aGgtZnEyMs4AAuu3
graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources
Ecosystems: maven
Packages: com.graphql-java:graphql-java
Source: github
Published: over 2 years ago
Critical
casdoor: GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ
Casdoor arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: over 2 years ago
Moderate
x-spreadsheet: GSA_kwCzR0hTQS14NWN3LTg0M2YtcjM2Ns4AAujc
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: x-data-spreadsheet
Source: github
Published: over 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS0zMjV2LWc1dngtd2h4Y84AAujP
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
Moderate
librenms: GSA_kwCzR0hTQS01MjI5LTk0cDMtN3d3cc4AAujV
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
High
node-opcua: GSA_kwCzR0hTQS12aDRmLWZncHAteDh4Ms4AAubn
node-opcua DoS when bypassing limitations for excessive memory consumption
Ecosystems: npm
Packages: node-opcua
Source: github
Published: over 2 years ago
High
node-opcua: GSA_kwCzR0hTQS00aHI0LXBqamgtMnEyd84AAuZo
Uncontrolled Resource Consumption in node-opcua
Ecosystems: npm
Packages: node-opcua
Source: github
Published: over 2 years ago
High
node-opcua: GSA_kwCzR0hTQS1xcGdjLXhoN2otNTJxOM4AAuaR
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
Ecosystems: npm
Packages: node-opcua
Source: github
Published: over 2 years ago
High
jellyfin: GSA_kwCzR0hTQS1xd3AzLTVmdzMtNXdnds4AAuWw
Incorrect Access Control and Cross Site Scripting in Jellyfin
Ecosystems: nuget
Packages: Jellyfin.Common
Source: github
Published: over 2 years ago
High
vite: GSA_kwCzR0hTQS1tdjQ4LWhjdmgtOGpqOM4AAuGt
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Ecosystems: npm
Packages: vite
Source: github
Published: over 2 years ago
Moderate
undici: GSA_kwCzR0hTQS1mNzcyLTY2ZzgtcTVoM84AAuFo
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Moderate
undici: GSA_kwCzR0hTQS04cXI0LXhndzYtd21yM84AAuFj
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
High
pycord: GSA_kwCzR0hTQS1xbWhqLW0yOXYtZ3Ztcs4AAuFg
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Ecosystems: pypi
Packages: py-cord
Source: github
Published: over 2 years ago
Moderate
gitea: GSA_kwCzR0hTQS1maHY4LW00ajQtY3d3Ms4AAt-G
Gitea allowed assignment of private issues
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: over 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS1jZjZyLXE2NzgtZjJwN84AAt9d
Microweber's title parameter in the body of POST request vulnerable to stored XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
Low
next-auth: GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
High
sanic: GSA_kwCzR0hTQS04Y3c5LTVobXYtNzd3Ns4AAt2Z
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Ecosystems: pypi
Packages: sanic
Source: github
Published: over 2 years ago
Low
byobu: GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: github
Published: over 2 years ago
Critical
next-auth: GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
Moderate
node-fetch: GSA_kwCzR0hTQS12cDU2LTZnMjYtNjgyN84AAtwJ
node-fetch Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: node-fetch
Source: github
Published: over 2 years ago
Critical
fs2: GSA_kwCzR0hTQS0yY3B4LTZwcXAtd2YzNc4AAtvK
fs2-io skips mTLS client verification
Ecosystems: maven
Packages: co.fs2:fs2-io
Source: github
Published: over 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS14ZzcyLTZjODMtZ2hoNM4AAtmg
Microweber Stored Cross-site Scripting before v1.2.20
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
Moderate
microweber: GSA_kwCzR0hTQS1jZmNnLTJxZ3ItdjI0M84AAtly
Microweber before 1.2.21 vulnerable to reflected XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
High
file-type: GSA_kwCzR0hTQS1taHhqLTg1cjMtMng1Nc4AAtkt
file-type vulnerable to Infinite Loop via malformed MKV file
Ecosystems: npm
Packages: file-type
Source: github
Published: over 2 years ago
Critical
grails-core: GSA_kwCzR0hTQS02cmg2LXg4d3ctOWg5N84AAtkJ
Grails framework Remote Code Execution via Data Binding
Ecosystems: maven
Packages: org.grails:grails-databinding
Source: github
Published: over 2 years ago
Low
undici: GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Moderate
undici: GSA_kwCzR0hTQS0zY3ZyLTgyMnItcnFjY84AAtkH
undici before v5.8.0 vulnerable to CRLF injection in request headers
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
High
terser: GSA_kwCzR0hTQS00d2Y1LXZwaGYtYzJ4Y84AAtaQ
Terser insecure use of regular expressions leads to ReDoS
Ecosystems: npm
Packages: terser
Source: github
Published: over 2 years ago
Moderate
winter: GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC
Bypass of CMS Safe Mode Security Feature
Ecosystems: packagist
Packages: wintercms/winter
Source: github
Published: over 2 years ago