
1313 matches found

Github Security Blog
added 2022/05/24 5:00 p.m., 11 views

Withdrawn Advisory: Magento 2 Community Edition XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description In Magento prior to 1.9.4.3 and Magento prior to...

CVSS 4.8 | AI score 5.7 | EPSS 0.01801
Exploits 0 | References 3 | Affected software 1
Circl
added 2022/05/24 4:55 p.m., 1 view

CVE-2019-14470

creationtimestamp | type | source
--- | --- | ---
2022-05-24 16:55:25+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-gcv6-2v9c-rj48...

CVSS 6.1 | AI score 6.3 | EPSS 0.23521
Exploits 6 | References 1
Circl
added 2022/05/24 4:49 p.m., 1 view

CVE-2019-13127

creationtimestamp | type | source
--- | --- | ---
2022-05-24 16:49:07+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-xm59-jvxm-cp3v...

CVSS 6.1 | AI score 6.3 | EPSS 0.00428
Exploits 1 | References 1
RedhatCVE
added 2022/05/20 10:28 p.m., 29 views

CVE-2021-21394

Synapse is a Matrix reference homeserver written in Python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

CVSS 6.5 | AI score 0.8 | EPSS 0.00519
Exploits 0 | References 1
Circl
added 2022/05/13 1:41 a.m., 5 views

CVE-2017-1000220

creationtimestamp | type | source
--- | --- | ---
2022-05-13 01:41:00+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-h2p3-h48h-9jj7...

CVSS 9.8 | AI score 7.3 | EPSS 0.11815
Exploits 1 | References 1
OpenVAS
added 2022/05/03 12:00 a.m., 23 views

Discourse 2.9.x < 2.9.0.beta4 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 7.5 | AI score 7.1 | EPSS 0.00379
Exploits 1 | References 4
OpenVAS
added 2022/04/11 12:00 a.m., 17 views

XWiki Privileged API Vulnerability (GHSA-ghcq-472w-vf4h)

XWiki is prone to a privileged API vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

CVSS 8.1 | AI score 7.3 | EPSS 0.00699
Exploits 1 | References 1
OpenVAS
added 2022/03/22 12:00 a.m., 22 views

Twisted Web 11.1 < 22.1 Information Disclosure Vulnerability

Twisted Web is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 7.5 | AI score 6.9 | EPSS 0.00241
Exploits 0 | References 1
Vulnrichment
added 2022/03/14 9:00 p.m., 4 views

CVE-2022-24743 Insufficient Session Expiration in Sylius

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in a leak of the existing token and an unauthorized password change. The issue ...

CVSS 7.1 | AI score 8 | EPSS 0.00217
Exploits 1 | References 3
Friends Of PHP
added 2022/02/23 4:04 p.m., 19 views

Multi-Factor Authentication issue in Laravel Fortify

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept...

CVSS 8.1 | AI score 8 | EPSS 0.00304
Exploits 0 | Affected software 1
OpenVAS
added 2022/02/21 12:00 a.m., 27 views

Ruby on Rails Information Disclosure Vulnerability (GHSA-rmj8-8hhh-gv5h) - Windows

Ruby on Rails is prone to an information disclosure vulnerability in puma. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVSS 8 | AI score 6.5 | EPSS 0.00479
Exploits 0 | References 1
OpenVAS
added 2022/02/16 12:00 a.m., 17 views

Discourse < 2.8.1 DoS Vulnerability

Discourse is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"...

CVSS 6.5 | AI score 6.4 | EPSS 0.00543
Exploits 0 | References 1
Circl
added 2022/02/12 12:29 a.m., 0 views

GHSA-WH98-P28R-VRC9

creationtimestamp | type | source
--- | --- | ---
2022-02-12 00:29:16+00:00 | seen | https://t.me/cibsecurity/37362...

AI score 4.8
Exploits 0 | References 1
OpenVAS
added 2022/02/10 12:00 a.m., 21 views

Grafana IDOR Vulnerability (GHSA-63g3-9jq3-mccv)

Grafana is prone to an insecure direct object reference (IDOR) vulnerability on the Grafana Teams APIs. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 4.3 | AI score 6.3 | EPSS 0.00185
Exploits 0 | References 1
Github Security Blog
added 2022/02/09 10:17 p.m., 23 views

Incorrect Calculation in github.com/open-policy-agent/opa

Impact: Under certain conditions, pretty-printing an AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Examples of policies impacted are those that parse and compare web paths; see the example below. All of these three conditions have to be me...

CVSS 6.3 | AI score 0.3 | EPSS 0.00311
Exploits 1 | References 8 | Affected software 1
OpenVAS
added 2022/02/02 12:00 a.m., 14 views

Symfony 5.3.14, 5.4.3, 6.0.3 CSRF Vulnerability (GHSA-vvmr-8829-6whx)

Symfony is prone to a missing cross-site request forgery (CSRF) token vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVSS 8.8 | AI score 8.7 | EPSS 0.00173
Exploits 0 | References 1
Prion
added 2022/01/11 3:15 p.m., 11 views

Design/Logic Flaw

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVSS 4 | AI score 6.3 | EPSS 0.00389
Exploits 0 | References 2 | Affected software 1
Vulnrichment
added 2022/01/11 3:05 p.m., 4 views

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

CVSS 8.1 | AI score 6.6 | EPSS 0.00389
Exploits 0 | References 2
OpenVAS
added 2021/12/16 12:00 a.m., 24 views

Grafana 8.0.0-beta3 - 8.3.1 Directory Traversal Vulnerability

Grafana is prone to a directory traversal vulnerability for Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 4.3 | AI score 6.8 | EPSS 0.01202
Exploits 0 | References 1
OSV
added 2021/12/07 7:15 p.m., 34 views

CVE-2021-43798

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0, except for patched versions, are vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: /public/plugins//, where is the plugin ID for any installe...

CVSS 7.5 | AI score 6.2 | EPSS 0.94438
Exploits 44 | References 9