Vulnerabilities

ID
Packages
Summary
Published
Attributes
DLA-4408-1
  • Debian:11/python-apt
python-apt - security update 16 Dec
  • Fix available
GHSA-3pmh-24wp-xpf4
  • PyPI/weblate
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) 1 hour ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-pj86-258h-qrvf
  • PyPI/weblate
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration 1 hour ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vr6p-vq2p-6j74
  • npm/likec4
LikeC4 has RCE through vulnerable React and Next.js versions 1 hour ago
  • No fix available
  • Severity - 10.0 (Critical)
GHSA-wwrj-3hvj-prpm
  • npm/misskey-js
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header 2 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-496g-mmpw-j9x3
  • npm/misskey-js
misskey.js's export data contains private post data 2 hours ago
  • Fix available
  • Severity - 7.1 (High)
GO-2025-4161
  • Go/github.com/VictoriaMetrics/VictoriaMetrics
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM in github.com/VictoriaMetrics/VictoriaMetrics 3 hours ago
  • Fix available
GO-2025-4173
  • Go/github.com/eclipse/paho.mqtt.golang
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes in github.com/eclipse/paho.mqtt.golang 3 hours ago
  • Fix available
GO-2025-4188
  • Go/github.com/sirupsen/logrus
Logrus is vulnerable to DoS when using Entry.Writer() in github.com/sirupsen/logrus 3 hours ago
  • Fix available
GO-2025-4233
  • Go/github.com/quic-go/quic-go
HTTP/3 QPACK Header Expansion DoS in github.com/quic-go/quic-go 3 hours ago
  • Fix available
GO-2025-4235
  • Go/github.com/neuvector/neuvector
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector 3 hours ago
  • No fix available
GO-2025-4136
  • Go/goauthentik.io
authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io 3 hours ago
  • No fix available
GO-2025-4137
  • Go/goauthentik.io
authentik allows a deactivated Service account to authenticate to OAuth in goauthentik.io 3 hours ago
  • No fix available
GO-2025-4148
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server 3 hours ago
  • Fix available
GO-2025-4154
  • Go/github.com/QuantumNous/new-api
new-api is vulnerable to SSRF Bypass in one-api 3 hours ago
  • No fix available
GO-2025-4162
  • Go/github.com/free5gc/openapi
  • Go/github.com/free5gc/udm
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi 3 hours ago
  • Fix available