Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/saltcorn/saltcorn

Free and open source no-code application builder
https://github.com/saltcorn/saltcorn

Moderate
GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago

High
GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago

High
GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: github
Published: 3 months ago

High
GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago

Moderate
GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago

Moderate
GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Ecosystems: npm
Packages: @saltcorn/server
Source: github
Published: 3 months ago

High
GSA_kwCzR0hTQS13eGYzLTRmdmotdnFxeM4AA067
Unsafe plugins can be installed via pack import by tenant admins
Ecosystems: npm
Packages: @saltcorn/cli
Source: github
Published: over 1 year ago