Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-g4vj-cjjj-v7hg
  • NuGet/NuGet.CommandLine
  • NuGet/NuGet.Packaging
  • NuGet/NuGet.Protocol
Defense in Depth update for NuGet Client 2 hours ago
  • Fix available
GHSA-2x79-gwq3-vxxm
  • RubyGems/iodine
Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem 2 hours ago
  • No fix available
  • Severity - 8.7 (High)
GHSA-355h-qmc2-wpwf
  • Maven/org.eclipse.jetty:jetty-http
Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing 2 hours ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-hv4r-mvr4-25vw
  • Go/github.com/minio/minio
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads 2 hours ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-2hx3-vp6r-mg3f
  • NuGet/kiota
Kiota: Code Generation Literal Injection 2 hours ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-fj52-5g4h-gmq8
  • PyPI/pyload-ng
pyLoad's Session Not Invalidated After Permission Changes 2 hours ago
  • No fix available
  • Severity - 2.9 (Low)
GHSA-66hx-chf7-3332
  • PyPI/pyload-ng
pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass) 2 hours ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-95wr-3f2v-v2wh
  • Packagist/craftcms/cms
Craft CMS has a host header injection leading to SSRF via resource-js endpoint 2 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-3m9m-24vh-39wx
  • Packagist/craftcms/cms
Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations 2 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-jq2f-59pj-p3m3
  • Packagist/craftcms/cms
Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action 2 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-hw5x-4r37-72w7
  • Go/github.com/opentofu/opentofu
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses 2 hours ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-fcpv-w245-r2q7
  • NuGet/DotNetNuke.Core
DotNetNuke.Core security code analysis rules triggered 2 hours ago
  • Fix available
GHSA-pq96-pwvg-vrr9
  • Go/github.com/fatedier/frp
frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control 2 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-x928-4434-crqj
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • ... 13 more
ImageMagick has a memory leak in PNG encoder when writing a MNG image 2 hours ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-pmpg-6pww-fg6q
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • ... 13 more
ImageMagick has out-of-bounds access in ConnectedComponentsImage() via CLI-controlled connected-components:* artifacts 2 hours ago
  • Fix available
  • Severity - 3.3 (Low)
GHSA-8vfj-q2cp-5m5j
  • NuGet/Magick.NET-Q16-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-AnyCPU
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64
  • NuGet/Magick.NET-Q16-HDRI-OpenMP-x64
  • NuGet/Magick.NET-Q16-HDRI-arm64
  • ... 13 more
ImageMagick has a heap buffer overflow read in magnify operation via unrecognized magnify:method value 2 hours ago
  • Fix available
  • Severity - 3.3 (Low)