Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
High
Ecosystems: maven
Packages: org.togglz:togglz-console
Source: github
Published: over 2 years ago
togglz: GSA_kwCzR0hTQS02OTd2LXB4ZzMtajI2Ms4AAtZ9
Togglz console missing cross-site request forgery (CSRF) protection
Critical
Ecosystems: npm
Packages: llhttp
Source: github
Published: over 2 years ago
llhttp: GSA_kwCzR0hTQS1xNXZ4LTQ0djQtZ2NoNM4AAtZv
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Critical
Ecosystems: npm
Packages: llhttp
Source: github
Published: over 2 years ago
llhttp: GSA_kwCzR0hTQS01Njg5LXY4OGctZzZyds4AAtZL
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
High
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 2 years ago
october: GSA_kwCzR0hTQS04djdoLWNwYzItcjhqcM4AAtX7
October CMS upload process vulnerable to RCE via Race Condition
Moderate
Ecosystems: npm
Packages: svelte
Source: github
Published: over 2 years ago
svelte: GSA_kwCzR0hTQS13djhxLXI5MzItOGhjN84AAtWH
Svelte vulnerable to XSS when using objects during server-side rendering
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS05d3FyLTk3ODctcDRyZs4AAtSg
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS1nbWgzLXg1dzctamc1bc4AAtKq
Microweber before v1.2.20 vulnerable to cross-site scripting
Moderate
Ecosystems: packagist
Packages: idno/known
Source: github
Published: over 2 years ago
known: GSA_kwCzR0hTQS1nNjg4LTdqM2MtaDlmM84AAtKi
Known v1.3.1 Cross-site Scripting
Moderate
Ecosystems: packagist
Packages: idno/known
Source: github
Published: over 2 years ago
known: GSA_kwCzR0hTQS00djRwLTg3bTMtNTQyM84AAtKh
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
Ecosystems: packagist
Packages: idno/known
Source: github
Published: over 2 years ago
known: GSA_kwCzR0hTQS01amdqLWg5d3AtNTNmcs4AAtKk
Known vulnerable to code execution via SVG file in v1.3.1
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
parse-server: GSA_kwCzR0hTQS1jcnJxLXZyOWotZnh4aM4AAtHz
Protected fields exposed via LiveQuery
High
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
next-auth: GSA_kwCzR0hTQS1wZ2p4LTdmOWctOTQ2M84AAtHy
Improper handling of email input
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS1xNm1wLTU2MngtZ2d2ds4AAtGX
Cross-site Scripting in microweber
Critical
Ecosystems: npm
Packages: typeorm
Source: github
Published: over 2 years ago
typeorm: GSA_kwCzR0hTQS1meDR3LXY0M2otdmM0Nc4AAtGB
SQL injection in typeORM
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS01cGcyLXFnODctdm1qN84AAtFk
Cross-site Scripting in microweber
Critical
Ecosystems: packagist
Packages: topthink/framework
Source: github
Published: over 2 years ago
framework: GSA_kwCzR0hTQS1nMzc3LXg4cmctYzltZs4AAtCY
Deserialization of Untrusted Data in topthink/framework
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS00MzdqLTVxYzMtYzU4Oc4AAtCQ
Open Redirect in microweber
High
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: over 2 years ago
grav: GSA_kwCzR0hTQS1jeGd3LXI1amctN3h3cc4AAtB6
Code injection in grav
Moderate
Ecosystems: npm
Packages: rsshub
Source: github
Published: over 2 years ago
RSSHub: GSA_kwCzR0hTQS1qdnh4LXY0NXAtdjV2Zs4AAs7J
Denial of Service (DoS) vulnerability in RSSHub
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS0zeDk2LW00MnYtaHZoNc4AAs6_
Cross-site Scripting in Microweber
High
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
next-auth: GSA_kwCzR0hTQS1nNWZtLWpwOXYtMjQzMs4AAs5b
Improper Handling of `callbackUrl` parameter in next-auth
Moderate
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS0yN2czLTU4djQtZmc5d84AAs4k
Cross-site Scripting in Microweber
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
parse-server: GSA_kwCzR0hTQS14dzZnLWpqdmYtd3dmOc4AAs4W
Invalid file request can crash server
Moderate
Ecosystems: npm
Packages: got
Source: github
Published: over 2 years ago
got: GSA_kwCzR0hTQS1wZnJ4LTJxODgtcXE5N84AAruS
Got allows a redirect to a UNIX socket
High
Ecosystems: npm
Packages: @discordjs/opus
Source: github
Published: over 2 years ago
opus: GSA_kwCzR0hTQS1ydmdmLTY5ajcteGg3OM4AArtf
Uncontrolled Resource Consumption in @discordjs/opus
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 2 years ago
parse-server: GSA_kwCzR0hTQS1yaDlqLWY1ZjgtcnZnY84AArtc
Authentication bypass vulnerability in Apple Game Center auth adapter
Moderate
Ecosystems: npm
Packages: ghost
Source: github
Published: over 2 years ago
Ghost: GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH
Ghost vulnerable to remote code execution in locale setting change
High
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
undici: GSA_kwCzR0hTQS1wZ3c3LXd4N3ctMnczM84AArtC
ProxyAgent vulnerable to MITM
High
Ecosystems: cargo
Packages: sha2
Source: github
Published: over 2 years ago
hashes: GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
High
Ecosystems: cargo
Packages: gfx-auxil
Source: github
Published: over 2 years ago
gfx: GSA_kwCzR0hTQS0yOHA1LTdyZzQtOHY5Oc4AArrI
Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
High
Ecosystems: cargo
Packages: flumedb
Source: github
Published: over 2 years ago
flumedb-rs: GSA_kwCzR0hTQS1wNTZwLWdxM2Ytd2hnOM4AArrH
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
Moderate
Ecosystems: npm
Packages: electron
Source: github
Published: over 2 years ago
electron: GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundle
Low
Ecosystems: npm
Packages: electron
Source: github
Published: over 2 years ago
electron: GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Moderate
Ecosystems: npm
Packages: strapi
Source: github
Published: over 2 years ago
strapi: GSA_kwCzR0hTQS1tY3FtLTZmZjQtNTNxeM4AArjX
Cross-site Scripting in Strapi
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: over 2 years ago
subrion: GSA_kwCzR0hTQS1qdnE0LWNnZnctamdmNM4AArgU
Cross site scripting in intelliants/subrion
Moderate
Ecosystems: npm
Packages: semantic-release
Source: github
Published: over 2 years ago
semantic-release: GSA_kwCzR0hTQS14MnBnLW1qaHItMm01eM4AAreR
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Moderate
Ecosystems: maven
Packages: com.typesafe.play:play_2.13, com.typesafe.play:play_2.12
Source: github
Published: over 2 years ago
playframework: GSA_kwCzR0hTQS1wOXA0LTk3Zzktd2NyaM4AArY7
Dev error stack trace leaking into prod in Play Framework
High
Ecosystems: maven
Packages: com.typesafe.play:play_2.12, com.typesafe.play:play_2.13
Source: github
Published: over 2 years ago
playframework: GSA_kwCzR0hTQS12OHg2LTU5ZzQtNWczd84AArY6
Denial of service binding form from JSON in Play Framework
High
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
librenms: GSA_kwCzR0hTQS0yM2YyLXZncjYtZnd2N84AArWl
Command injection in librenms
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
librenms: GSA_kwCzR0hTQS0yZ3FnLTJyZzctZ2gzM84AArWh
Cross site scripting in librenms
Low
Ecosystems: npm
Packages: semver-regex
Source: github
Published: over 2 years ago
semver-regex: GSA_kwCzR0hTQS00eDV2LWdtcTgtMjVjaM4AArVj
Regular expression denial of service in semver-regex
Low
Ecosystems: rubygems
Packages: solidus_backend
Source: github
Published: over 2 years ago
solidus: GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Moderate
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: over 2 years ago
gitea: GSA_kwCzR0hTQS1waDN3LTI4NDMtNzJteM4AArQx
Stored Cross-site Scripting in gitea
High
Ecosystems: packagist
Packages: fof/upload
Source: github
Published: over 2 years ago
upload: GSA_kwCzR0hTQS1mbTUzLW1wbXAtN3F3Ms4AArNK
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
Critical
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: over 2 years ago
mautic: GSA_kwCzR0hTQS1wanBjLTg3bXAtNDMzMs4AArNG
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Moderate
Ecosystems: npm
Packages: next-auth
Source: github
Published: over 2 years ago
next-auth: GSA_kwCzR0hTQS1xMm14LWo0eDItMmg3NM4AArBA
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Critical
Ecosystems: pypi
Packages: numpy
Source: github
Published: over 2 years ago
numpy: GSA_kwCzR0hTQS05ZnEyLXg5cjYtd2ZtZs4AAq9p
Numpy Deserialization of Untrusted Data
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS1mYzZoLTc2OXgtZ2ZmNc4AAqpt
Dolibarr ERP and CRM contain XSS Vulnerability
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: over 2 years ago
subrion: GSA_kwCzR0hTQS1qajk0LWo0cjMtNWdyNM4AApct
Subrion Cross-Site Scripting (XSS) vulnerability
Moderate
Ecosystems: packagist
Packages: lavalite/cms
Source: github
Published: over 2 years ago
cms: GSA_kwCzR0hTQS0zY2ZnLXJ4aDYtaDJyaM4AApBl
LavaLite Stored Cross-site Scripting vulnerability
Moderate
Ecosystems: packagist
Packages: lavalite/cms
Source: github
Published: over 2 years ago
cms: GSA_kwCzR0hTQS1namY1LWo0NzUtcDRnNs4AApBi
Stored XSS in LavaLite 5.8.0
Moderate
Ecosystems: packagist
Packages: lavalite/cms
Source: github
Published: over 2 years ago
cms: GSA_kwCzR0hTQS12djMzLTI3am0tY3Z4cc4AApBY
Stored XSS in LavaLite 5.8.0
Moderate
Ecosystems: npm
Packages: docsify
Source: github
Published: over 2 years ago
docsify: GSA_kwCzR0hTQS01aDd4LTY4d2otamh3Y84AAoCk
Docsify vulnerable to cross-site scripting due to mishandled encoding
High
Ecosystems: pypi
Packages: GramAddict
Source: github
Published: over 2 years ago
bot: GSA_kwCzR0hTQS1xNWg2LTQ5Z2ctMndmZ84AAnmm
GramAddict bot uses dependency with reverse tcp backdoor
Moderate
Ecosystems: pypi
Packages: pyqlib
Source: github
Published: over 2 years ago
huntr: GSA_kwCzR0hTQS1oanI0LWZoZ3AtMjNnOc4AAnka
qlib Deserialization of Untrusted Data vulnerability
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS03eDhnLWgyNDYtZ3Z4M84AAm-U
Dolibarr authenticated Remote Code Execution
High
Ecosystems: pypi
Packages: blosc2
Source: github
Published: over 2 years ago
c-blosc2: GSA_kwCzR0hTQS04YzdjLTJjOGotM3hmcM4AAmup
blosc2 heap-based buffer overflow
High
Ecosystems: pypi
Packages: scikit-learn
Source: github
Published: over 2 years ago
scikit-learn: GSA_kwCzR0hTQS1qeGZwLTRydnEtOWg5bc4AAmrx
scikit-learn Denial of Service
Moderate
Ecosystems: packagist
Packages: yourls/yourls
Source: github
Published: over 2 years ago
YOURLS: GSA_kwCzR0hTQS1wd2dnLXI2ZnEtbWY5NM4AAmZg
YOURLS Stored Cross Site Scripting (XSS)
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS0yZ2NwLXh3eGctaHFnM84AAlyr
Dolibarr Unrestricted Upload of File with Dangerous Type
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS0yNWgzLW13M3AtdzhyN84AAlrw
Dolibarr CRM allows Privilege Escalation
Moderate
Ecosystems: packagist
Packages: phpbb/phpbb
Source: github
Published: over 2 years ago
phpbb-app: GSA_kwCzR0hTQS1qaG05LWg4NGgtcnc4M84AAlqR
phpBB Server-Side Request Forgery Vulnerability
Moderate
Ecosystems: packagist
Packages: librenms/librenms
Source: github
Published: over 2 years ago
librenms: GSA_kwCzR0hTQS1nNXI2LXZybXgtOWd3as4AAlbR
LibreNMS SQL Injection vulnerability
High
Ecosystems: packagist
Packages: microweber/microweber
Source: github
Published: over 2 years ago
microweber: GSA_kwCzR0hTQS1wbXhnLXc5YzctZmZtcc4AAlY3
Microweber Discloses Sensitive Information
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS1tMzk2LTJ4M2gtdjN2NM4AAlGL
Dolibarr reflected cross-site scripting (XSS) vulnerability
Moderate
Ecosystems: npm
Packages: strapi
Source: github
Published: over 2 years ago
strapi: GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4
Improper Input Validation in strapi
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS04djd2LTZtbW0teGp4bc4AAlC9
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
Moderate
Ecosystems: packagist
Packages: kumbiaphp/kumbiapp
Source: github
Published: over 2 years ago
KumbiaPHP: GSA_kwCzR0hTQS14NmdxLXZyNTktNHE1cc4AAlAa
KumbiaPHP Cross-site Scripting
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS1yZzhtLTg0amYtOTM2N84AAkni
Incorrect Authorization in Dolibarr
High
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: over 2 years ago
subrion: GSA_kwCzR0hTQS1nOGo3LXc2NzMtNG1qcM4AAj7W
Subrion CMS CSRF Vulnerability
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS0zMjY0LTY1cGctNXhtNM4AAiZt
Dolibarr ERP and CRM HTML Injection
Moderate
Ecosystems: packagist
Packages: encore/laravel-admin
Source: github
Published: over 2 years ago
laravel-admin: GSA_kwCzR0hTQS1mY21oLTc0OTItZzRxOc4AAiWc
z-song laravel-admin XSS via the Slug or Name on the Roles screen
High
Ecosystems: packagist
Packages: phpbb/phpbb
Source: github
Published: over 2 years ago
phpbb: GSA_kwCzR0hTQS12ajN4LXZmbTQtaHZ4Y84AAiLR
phpBB Cross-Site Request Forgery (CSRF)
Moderate
Ecosystems: rubygems
Packages: devise_token_auth
Source: github
Published: over 2 years ago
devise_token_auth: GSA_kwCzR0hTQS1tdnFyLXI3NmMtd201Zs4AAiIZ
Devise Token Auth vulnerable to Cross-site Scripting
High
Ecosystems: maven
Packages: org.apereo.cas:cas-server-core-services-authentication, org.apereo.cas:cas-server-support-shell, org.apereo.cas:cas-server-support-oauth-core-api, org.apereo.cas:cas-server-core-services-api, org.apereo.cas:cas-server-support-oidc, org.apereo.cas:cas-server-support-simple-mfa
Source: github
Published: over 2 years ago
cas: GSA_kwCzR0hTQS1nMjR3LTM3M3ItNXB4Z84AAiH0
Use of Insufficiently Random Values in Apereo CAS
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS00cXE5LXFnN2otZmNtOc4AAhvS
Dolibarr Cross-Site Request Forgery (CSRF)
High
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: over 2 years ago
bagisto: GSA_kwCzR0hTQS1wZ3dwLWYzeGgtbTI0Z84AAhqY
Bagisto CSRF Vulnerability
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS0ycndoLTI2MnItcjg1as4AAhdz
Dolibarr ERP and CRM malicious executable loading
High
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS1qd2czLXY5eG0tdjZxOc4AAhd4
Dolibarr ERP and CRM Code Injection
Moderate
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: over 2 years ago
gitea: GSA_kwCzR0hTQS01cmg3LTZnZmotbWM4N84AAhV4
Gitea XSS Vulnerability
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS05N2ZwLTVtODctcjltZs4AAhSf
Dolibarr Cross Site Scripting (XSS)
Moderate
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: over 2 years ago
gitea: GSA_kwCzR0hTQS1ocXgyLWozM3gtOWZjNM4AAhQu
Gitea XSS Vulnerability in Repository Description
Moderate
Ecosystems: packagist
Packages: intelliants/subrion
Source: github
Published: over 2 years ago
subrion: GSA_kwCzR0hTQS0yY21nLXZ4dmgtOGg3aM4AAhKy
Subrion CMS XSS
High
Ecosystems: maven
Packages: org.grails:grails-core
Source: github
Published: over 2 years ago
grails-core: GSA_kwCzR0hTQS1wbXhmLTR2OGMtcndyN84AAg5G
Incorrect Resource Transfer Between Spheres in Grails
Critical
Ecosystems: go
Packages: code.gitea.io/gitea
Source: github
Published: over 2 years ago
gitea: GSA_kwCzR0hTQS0zMzkzLXI0cDUtdmhxaM4AAglZ
Gitea Allows 1FA Even for 2FA-Enrolled Accounts
High
Ecosystems: maven
Packages: org.openapitools:openapi-generator
Source: github
Published: over 2 years ago
openapi-generator: GSA_kwCzR0hTQS0yN2o1LTJoNnItYzlxMs4AAgfQ
OpenAPI Tools OpenAPI Generator uses HTTP in various files
High
Ecosystems: npm
Packages: hawk
Source: github
Published: over 2 years ago
hawk: GSA_kwCzR0hTQS00NHB3LWgyY3ctdzN2cc4AAgdL
Uncontrolled Resource Consumption in Hawk
High
Ecosystems: packagist
Packages: shopxo/shopxo
Source: github
Published: over 2 years ago
shopxo: GSA_kwCzR0hTQS04NnA1LTk3anItcjU5OM4AAgbY
Arbitrary file upload in ShopXO
Critical
Ecosystems: pypi, maven
Packages: mercurial, org.eclipse.jgit:org.eclipse.jgit
Source: github
Published: over 2 years ago
libgit2: GSA_kwCzR0hTQS02dnZjLWMybTMtY2pmM84AAgWm
JGit Improper Input Validation vulnerability
High
Ecosystems: packagist
Packages: phpbb/phpbb
Source: github
Published: over 2 years ago
phpbb-app: GSA_kwCzR0hTQS1qdzhmLXE4NGctcjN2bc4AAgQF
phpBB vulnerable to sensitive information disclosure
High
Ecosystems: packagist
Packages: phpbb/phpbb
Source: github
Published: over 2 years ago
phpbb-app: GSA_kwCzR0hTQS04aDljLXJjd2otamc4cM4AAgNp
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
Moderate
Ecosystems: pypi
Packages: celery
Source: github
Published: over 2 years ago
celery: GSA_kwCzR0hTQS1ycGM2LWg0NTUtM3J4Nc4AAf1-
Celery local privilege escalation vulnerability
High
Ecosystems: pypi
Packages: cobbler
Source: github
Published: over 2 years ago
cobbler: GSA_kwCzR0hTQS1nMzRjLW1nNm0teHZ4as4AAfoT
Cobbler subject to Command Injection
Moderate
Ecosystems: pypi
Packages: cobbler
Source: github
Published: over 2 years ago
cobbler: GSA_kwCzR0hTQS1ocGozLTVwNDYtZzg3d84AAeNk
Cobbler vulnerable to code injection via unsafe YAML loading
Moderate
Ecosystems: packagist
Packages: october/october
Source: github
Published: over 2 years ago
october: GSA_kwCzR0hTQS05aHE4LXYyamMtcWo0cs4AAdqt
October CMS XSS In Caption Tag of Profile
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS1qaDVwLXdwZzItOHJnds4AAdcS
Dolibarr ERP and CRM contain XSS Vulnerabilities
High
Ecosystems: packagist
Packages: slim/slim
Source: github
Published: over 2 years ago
Slim: GSA_kwCzR0hTQS03NG1mLXZqcGctOXhoN84AAc0L
Slim vulnerable to PHP object injection
Moderate
Ecosystems: packagist
Packages: yiisoft/yii2
Source: github
Published: over 2 years ago
yii2: GSA_kwCzR0hTQS13Mnh4LWpwOWYtZ3A4Z84AActh
Yii Framework Cross-site Scripting Vulnerability
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 2 years ago
dolibarr: GSA_kwCzR0hTQS02Znc4LXZmMngtNHdwbc4AActX
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
Moderate
Ecosystems: pypi
Packages: urllib3
Source: github
Published: over 2 years ago
urllib3: GSA_kwCzR0hTQS12NHc1LXAyaGctOGZoNs4AAcGU
Urllib3 Incorrect Certificate Validation