Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/casdoor/casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://github.com/casdoor/casdoor

Moderate

GSA_kwCzR0hTQS1ndjJwLTRtdmctZzMyaM4AA-4d

Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 4 months ago

High

GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c

Casdoor CORS misconfiguration (GHSL-2024-035)
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub

casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T

Casdoor Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: over 1 year ago

High

GSA_kwCzR0hTQS1mOTNmLTU1YzItOGM4Oc4AAwL_

Casdoor arbitrary file deletion vulnerability via uploadFile function
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: about 2 years ago

Critical

GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ

Casdoor arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: over 2 years ago

High

GSA_kwCzR0hTQS1tMzU4LWc0cnAtNTMzcs0n5A

SQL Injection in Casdoor
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: github
Published: almost 3 years ago