Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| MAL-2024-1357 | | Malicious code in by-fetch (npm) | 1561.1.1 | 2024-05-11T22:19:38Z | No fix available |
| GO-2024-2638 | Go/github.com/cosmos/cosmos-sdk | ValidateVoteExtensions function in Cosmos SDK may allow incorrect voting power assumptions in github.com/cosmos/cosmos-sdk | See details. | 2024-05-10T21:39:27Z | Fix available |
| GO-2024-2800 | Go/github.com/hashicorp/go-getter | Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter | See details. | 2024-05-10T21:39:25Z | Fix available |
| GO-2024-2821 | Go/github.com/stacklok/minder | Denial of Service from untrusted requests in github.com/stacklok/minder | See details. | 2024-05-10T20:07:31Z | Fix available |
| GO-2024-2826 | Go/vitess.io/vitess | Denial of service attack by triggering unbounded memory usage in vitess.io/vitess | See details. | 2024-05-10T20:07:17Z | Fix available |
| GHSA-jcqq-g64v-gcm7 | Go/github.com/spacemeshos/go-spacemesh, Go/github.com/spacemeshos/api | Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX | See details. | 2024-05-10T15:33:40Z | Fix available |
| GHSA-7prj-9ccr-hr3q | Packagist/sylius/sylius | Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book | v1.12.0, v1.12.0-alpha.1, v1.12.0-alpha.2, v1.12.0-beta.1, v1.12.0-rc.1, v1.12.1, v1.12.10, ... | 2024-05-10T15:33:22Z | Fix available |
| GHSA-v2f9-rv6w-vw8r | Packagist/sylius/sylius | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | v1.12.0, v1.12.0-alpha.1, v1.12.0-alpha.2, v1.12.0-beta.1, v1.12.0-rc.1, v1.12.1, v1.12.10, ... | 2024-05-10T15:33:01Z | Fix available |
| GHSA-x525-54hf-xr53 | Packagist/froxlor/froxlor | Blind XSS Leading to Froxlor Application Compromise | 0.10.0, 0.10.0-rc1, 0.10.0-rc2, 0.10.1, 0.10.10, 0.10.11, 0.10.12, ... | 2024-05-10T15:29:59Z | Fix available |
| GHSA-mxhq-xw3g-rphc | npm/@lobehub/chat | lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability | See details. | 2024-05-10T15:29:51Z | Fix available |
| RLSA-2024:1438 | Rocky Linux:9/nodejs | Important: nodejs security update | See details. | 2024-05-10T14:33:20.646898Z | Fix available |
| RLSA-2023:7711 | Rocky Linux:9/apr | Moderate: apr security update | See details. | 2024-05-10T14:33:09.148442Z | Fix available |
| RLSA-2024:1427 | Rocky Linux:9/libreoffice | Important: libreoffice security update | See details. | 2024-05-10T14:32:53.047364Z | Fix available |
| RLSA-2023:6539 | Rocky Linux:9/perl-CPAN | Moderate: perl-CPAN security update | See details. | 2024-05-10T14:32:42.380544Z | Fix available |
| RLSA-2023:7712 | Rocky Linux:9/tracker-miners | Important: tracker-miners security update | See details. | 2024-05-10T14:32:42.380544Z | Fix available |
| RLSA-2024:0675 | Rocky Linux:9/gimp | Important: gimp security update | See details. | 2024-05-10T14:32:42.380544Z | Fix available |