Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Critical
GSA_kwCzR0hTQS05ZnFjLTljcHItdzczcc4AAxav
froxlor is vulnerable to privilege escalation from customer to root via directory-options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS12eHBtLThoY3AtcWgyN84AAxad
Payment information sent to PayPal not necessarily identical to created order
Ecosystems: packagist
Packages: swag/paypal
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xM2M4LTY1cTctOXY3OM4AAxZt
Cross site scripting in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tcnF4LW1qYzQtdmZoM84AAxYc
wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xd3g4LW14eHgtbWc5Ns4AAxYb
wallabag contains Improper Authorization via export feature
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS04eHY0LWpqNGgtcXd3Ns4AAxYX
Pimcore contains Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1wZ3ZoLXAzZzQtODZqd84AAxVl
AVideo contains Command injection when embedding a video link
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO
Symfony storing cookie headers in HttpCache
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Published: 6 days ago
Low
GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN
Symfony vulnerable to Session Fixation of CSRF tokens
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oNDVmLXJqdnctMnJ2Ms4AAxUc
Withdrawn: wallabag subject to Improper Authorization
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14cnczLXdxcGgtM2Z4Z84AAxUd
Withdrawn: wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wajk3LXI4M3Ytdmo3Zs4AAxT0
Microweber contains Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 6 days ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13N3c0LXFqZ2ctMzcyeM4AAxPp
Froxlor contains Static Code Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS12cXFtLWM5Z3gtNzczcc4AAxPr
Froxlor contains Business Logic Errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zY2h3LThqcTItdzc2Oc4AAxPn
Froxlor contains Unchecked Error Condition
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1wbTcyLTI3bWctZmMyOM4AAxPg
Froxlor contains Weak Password Requirements
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1oNjMyLXA3NjQtcGpxbc4AAxOZ
DataFlow upload remote code execution vulnerability
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS01ajJnLTNwaDQtcmd2bc4AAxOY
Fix for authenticated remote code execution through layout update
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zcDczLW1tN3YtNGY2bc4AAxOW
DoS vulnerability in MaliciousCode filter
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS01dnB2LXhtY2otOXE4Nc4AAxOV
Fix for arbitrary file deletion in customer media allows for remote code execution
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1jOXEzLXI0cnYtbWptN84AAxOU
Fix for arbitrary command execution in custom layout update through blocks
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE
phpmyadmin contains SQL Injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1nM2o1LW1wcDItMmZxbc4AAxJJ
symfont/process typosquatting malware spoofs symfony/process
Ecosystems: packagist
Packages: symfont/process
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS02dmY2LWczcHItajgzaM4AAxFw
pimcore is vulnerable to cross-site scripting via "title field " in data objects
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jaGdjLXJxanItNDZnZ84AAxAo
Cross Site Scripting in simplesamlphp-module-openidprovider
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openidprovider
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS04aGNmLTJtNHYtZjJycc4AAw_o
SQL Injection in liftkit/database
Ecosystems: packagist
Packages: liftkit/database
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1jcDY4LTQycGYtNjYyN84AAw_a
Froxlor vulnerable to Command Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS14cDNnLTI3MjktcnhtM84AAw_b
Froxlor is vulnerable to path traversal
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS05Nng2LWpmNXctODRjNc4AAw_V
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS00cDg4LWNmaHEtZjN2Z84AAw_X
phpMyFAQ has Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS13NDc1LTc0OWgtYzc3bc4AAw_U
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0yNWMzLTdmdmotdjQ1as4AAw_Z
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1tOXhyLThjeDctNTNwas4AAw_R
phpMyFAQ Reflected Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS14Mmg4LTRtaGgtNWh3aM4AAw_W
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS05amZmLTh4bW0tbXcyMs4AAw_Y
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS02NDQ5LXZmNnAtOWhmcM4AAw_T
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS03bWM0LWpwNGYtdjJqMs4AAw-x
Improper Authorization in grumpydictator/firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tOTV4LW0yNWMtdzltcM4AAw6k
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS03dmN4LXY2NXEtOXdwZ84AAw6j
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1weHFqLXhydjUtcXZqZs4AAw6i
XML-RPC for PHP's debugger vulnerable to possible XSS attack
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 27 days ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a
Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 28 days ago
High
GSA_kwCzR0hTQS0yMm05LW0zd3ctNTNoM84AAw3Z
Flarum post mentions can be used to read any post on the forum without access control
Ecosystems: packagist
Packages: flarum/mentions
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS03bTlyLXJxOWotd21taM4AAw1h
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Published: 28 days ago
High
GSA_kwCzR0hTQS13cXF2LWpjZnItOWY1Z84AAw0x
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS0ycGh3LXJncjctNXB2aM4AAw0N
Information Cards Module vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-infocard
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS12ZzV4LTZxNjYtcnZneM4AAwzt
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Ecosystems: packagist
Packages: barzahlen/barzahlen-php
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1tamd3LWYyYzQtZjhxas4AAwzj
WebPA SQL Injection vulnerability
Ecosystems: packagist
Packages: webpa/webpa
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jOXB3LWY0d3AtMjJqcs4AAwzo
SUKOHI Surpass Path Traversal vulnerability
Ecosystems: packagist
Packages: sukohi/surpass
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS13dzQzLW1jdmgtMzVwNM4AAwzd
PaginationServiceProvider SQL Injection vulnerability
Ecosystems: packagist
Packages: ttskch/pagination-service-provider
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13bTMyLTNyNG0tanZjY84AAwzP
Symbiote Seed Open Redirect vulnerability
Ecosystems: packagist
Packages: symbiote/silverstripe-seed
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NHd2LWM3anctancycc4AAwwA
Xataface vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: xataface/xataface
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jZjVyLTNwdm0tdzY0d84AAwvW
typo3-appointments vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: innologi/typo3-appointments
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02bTdjLTQ1ZmYtMzMyOM4AAwuL
FrameworkUserBundle Generates Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: sumocoders/framework-user-bundle
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nZ2o5LTZ4OGotNDl3Oc4AAwss
SimpleSAMLphp simplesamlphp-module-openid
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openid
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13NnFmLWo0cXItZjk0Ns4AAwrc
Froxlor Improper Authorization vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xcjk3LXY4N3AteDk2Nc4AAwrf
Ariadne Component Library vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: arc/web
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qODJ4LWZoOGgtMzI2Z84AAwrd
Yii2 FileAPI Widget vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: vova07/yii2-fileapi-widget
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02Z3d4LWd3NTYtcWhmN84AAwrZ
Froxlor vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zdjdtLTJqcmgtdmM5M84AAwrL
Froxlor vulnerable to Argument Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NXE0LW00NW0tZm05NM4AAwo3
Harvest Chosen vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: harvesthq/chosen
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04aDQzLXhnNWctOWNqN84AAwnh
Microweber vulnerable to unrestricted malicious uploads
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mOHAzLXE4MzQtcTljas4AAwmc
php-mod/curl allows Cross-site Scripting
Ecosystems: packagist
Packages: php-mod/curl
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zNjNxLWo5MngtNzU0M84AAwld
Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcXY5LWdxaDUtN2g5Oc4AAwlj
Snipe-IT allows attackers to check whether a user account exists
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wNHFyLXZxMmctMjJ3cM4AAwkn
ThinkPHP Framework vulnerable to remote code execution
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS02Y3E1LThjajctZzU1OM4AAwgy
CodeIgniter4 Potential Session Handlers Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1naHczLTVxdm0tM21xY84AAwgx
CodeIgniter4 allows spoofing of IP address when using proxy
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05Y21tLTUyY3YtNmh2Y84AAwgb
Microweber vulnerable to Stored Cross-Site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zbW1oLXZxOXctNGMzZ84AAwdo
Microweber vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jeDQ1LTU2NXEtNnF4OM4AAwah
SilverStripe Subsite weakens file permissions
Ecosystems: packagist
Packages: silverstripe/subsites
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNTR2LWd2OHAtOXBxcM4AAwYY
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02dmg2LTcyZzYteHF4Ms4AAwXg
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14djhoLTQzaDktdjNqcc4AAwXf
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02N21oLWh3OHYteDh2Oc4AAwYO
FeehiCMS Unrestricted Upload vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ncWdxLTc4NHEtdjl4cM4AAwXc
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wd2gzLTNwY20tNnZqaM4AAwXN
FeehiCMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02amo4LW1xeDItN2ZnNc4AAwXL
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qdzZ4LTRoOGgtNTY5eM4AAwXU
Roots Soil plugin vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: roots/soil
Source: GitHub Advisory Database
Published: about 2 months ago
Filter by Package
microweber/microweber 68 pimcore/pimcore 44 shopware/platform 40 typo3/cms-core 38 showdoc/showdoc 36 shopware/core 31 librenms/librenms 30 snipe/snipe-it 28 moodle/moodle 25 remdex/livehelperchat 22 dolibarr/dolibarr 21 typo3/cms 18 mautic/core 18 concrete5/concrete5 17 cakephp/cakephp 17 shopware/shopware 17 thorsten/phpmyfaq 16 yetiforce/yetiforce-crm 16 silverstripe/framework 16 baserproject/basercms 15 pocketmine/pocketmine-mp 15 craftcms/cms 14 froxlor/froxlor 14 symfony/symfony 14 grumpydictator/firefly-iii 13 tribalsystems/zenario 13 phpmailer/phpmailer 12 getkirby/cms 12 openmage/magento-lts 12 forkcms/forkcms 12 feehi/feehicms 11 intelliants/subrion 11 getgrav/grav 11 francoisjacquet/rosariosis 11 drupal/core 11 contao/core-bundle 10 october/system 10 centreon/centreon 9 concrete5/core 9 kevinpapst/kimai2 9 ssddanbrown/bookstack 8 topthink/framework 8 sylius/sylius 8 facturascripts/facturascripts 8 elefant/cms 8 impresscms/impresscms 8 magento/community-edition 7 ezsystems/ezpublish-kernel 7 october/cms 7 feehi/cms 7 october/backend 7 codeigniter4/framework 7 laravel/framework 7 simplesamlphp/simplesamlphp 6 guzzlehttp/guzzle 6 smarty/smarty 6 pterodactyl/panel 6 prestashop/prestashop 5 ezsystems/ezplatform-kernel 5 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 backdrop/backdrop 5 dompdf/dompdf 5 yourls/yourls 5 sulu/sulu 5 phpmyadmin/phpmyadmin 5 bottelet/flarepoint 5 symfony/security-http 5 pear/archive_tar 4 directmailteam/direct-mail 4 flarum/core 4 bolt/bolt 4 ezsystems/ezplatform-admin-ui 4 nukeviet/nukeviet 4 idno/known 4 pagekit/pagekit 4 symfony/http-foundation 4 symfony/http-kernel 4 tinymce 4 TinyMCE 4 tinymce/tinymce 4 wallabag/wallabag 4 cachethq/cachet 4 bytefury/crater 4 typo3/cms-form 3 elgg/elgg 3 spatie/browsershot 3 prestashop/productcomments 3 illuminate/database 3 notrinos/notrinos-erp 3 sylius/resource-bundle 3 symfony/security 3 enshrined/svg-sanitize 3 nystudio107/craft-seomatic 3 ibexa/core 3 nilsteampassnet/teampass 3 silverstripe/assets 3 wwbn/avideo 3 phpoffice/phpspreadsheet 3 twig/twig 3 composer/composer 3 icecoder/icecoder 3 shopware/storefront 3 rudloff/alltube 3 oro/platform 3 facade/ignition 3 gilacms/gila 3 shopxo/shopxo 2 ezsystems/ezplatform-rest 2 miniorange/miniorange-saml 2 yoast-seo-for-typo3/yoast_seo 2 exceedone/laravel-admin 2 exceedone/exment 2 lavalite/cms 2 yiisoft/yii2-dev 2 anchorcms/anchor-cms 2 erusev/parsedown 2 squizlabs/php_codesniffer 2 croogo/croogo 2 billz/raspap-webgui 2 modx/revolution 2 ptrofimov/beanstalk_console 2 symfony/framework-bundle 2 latte/latte 2 symfony/security-bundle 2 alextselegidis/easyappointments 2 october/october 2 studio-42/elfinder 2 silverstripe/graphql 2 getkirby/panel 2 laravel/laravel 2 symfony/cache 2 typo3/html-sanitizer 2 buddypress/buddypress 2 dweeves/magmi 2 silverstripe/cms 2 badaso/core 2 protobuf 2 silverstripe/admin 2 ibexa/admin-ui 2 opencart/opencart 2 processwire/processwire 2 in2code/femanager 2 noumo/easyii 2 typo3/cms-backend 2 oro/commerce 2 october/rain 2 wintercms/winter 2 com.google.protobuf:protobuf-parent 2 Google.Protobuf 2 librenms 2 unisharp/laravel-filemanager 2 league/commonmark 2 aheinze/cockpit 2 packbackbooks/lti-1-3-php-library 2 typo3fluid/fluid 2 verot/class.upload.php 2 cuyz/valinor 2 admidio/admidio 2 phpfastcache/phpfastcache 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 yiisoft/yii2-gii 2 helloxz/imgurl 2 drupal/drupal 2 filegator/filegator 2 neos/neos 2 s-cart/s-cart 2 ether/logs 2 bolt/core 2 privatebin/privatebin 2 grav 1 amazing/media2click 1 contao/managed-edition 1 vanilla/safecurl 1 livehelperchat/livehelperchat 1 automad/automad 1 swag/paypal 1 xataface/xataface 1 vova07/yii2-fileapi-widget 1 oneup/uploader-bundle 1 appwrite/server-ce 1 litespeed.js 1 laravel/fortify 1 pear/crypt_gpg 1 pwweb/laravel-core 1 joomla/archive 1 czproject/git-php 1 php-mod/curl 1 genix/cms 1 marcwillmann/turn 1 Sylius/Sylius 1 ectouch/ectouch 1 laminas/laminas-form 1 sylius/grid-bundle 1 mgallegos/laravel-jqgrid 1 lexik/jwt-authentication-bundle 1 yiisoft/yii 1 shopware/production 1 matyhtf/framework 1 melisplatform/melis-front 1 pocketmine/bedrock-protocol 1 melisplatform/melis-cms 1 bmarshall511/wordpress_zero_spam 1 statamic/cms 1 symfony/var-exporter 1 web-auth/webauthn-framework 1 yeswiki/yeswiki 1 fenom/fenom 1 open-web-analytics/open-web-analytics 1 t3/dce 1 hillelcoren/invoice-ninja 1 netgen/tagsbundle 1 snipe-it 1 gaoming13/wechat-php-sdk 1 bassjobsen/bootstrap-3-typeahead 1 wpanel/wpanel4-cms 1 socialiteproviders/steam 1 silverstripe/subsites 1 ibexa/graphql 1 symfony/phpunit-bridge 1 bootstrap-3-typeahead 1 simplesamlphp/simplesamlphp-module-openid 1 area17/twill 1 phpservermon/phpservermon 1 yii2mod/yii2-cms 1 s-cart/core 1 luyadev/yii-helpers 1 harvesthq/chosen 1 silverstripe/hybridsessions 1 wp-graphql/wp-graphql 1 sylius/paypal-plugin 1 fluidtypo3/vhs 1 tobiasbg/tablepress 1 andreapollastri/cipi 1 silverstripe/versioned-admin 1 DotNetCasClient 1 doctrine/dbal 1 symfony/serializer 1 silverstripe/silverstripe-omnipay 1 mojo42/jirafeau 1 simplito/elliptic-php 1 guzzlehttp/psr7 1 jasig/phpcas 1 orchid/platform 1 zendframework/zend-http 1 arc/web 1 org.jasig.cas:cas-client 1 rmccue/requests 1 brotkrueml/typo3-matomo-integration 1 phpunit/phpunit 1 brotkrueml/schema 1 krayin/laravel-crm 1 topthink/thinkphp 1 phpmyfaq/phpmyfaq 1 gos/web-socket-bundle 1 symfont/process 1 thinkcmf/thinkcmf 1 phpmussel/phpmussel 1 symfony/security-guard 1 api-platform/core 1 cakephp/database 1 prestashop/ps_emailsubscription 1 topthink/think 1 terminal42/contao-tablelookupwizard 1 limesurvey/limesurvey 1 simplesamlphp/simplesamlphp-module-openidprovider 1 symfony/mime 1 liftkit/database 1 adminer 1 barryvdh/laravel-translation-manager 1 typo3/phar-stream-wrapper 1 kitodo/presentation 1 friendsoftypo3/mediace 1 barrelstrength/sprout-forms 1 symfony/security-core 1 mittwald/typo3_forum 1 barrelstrength/sprout-base-email 1 neoan3-apps/template 1 cardgate/magento2 1 catfan/medoo 1 neorazorx/facturascripts 1 codeception/codeception 1 derhansen/sf_event_mgt 1 islandora/islandora 1 woocommerce/woocommerce 1 hjue/justwriting 1 wanglelecc/laracms 1 nette/application 1 mezzio/mezzio-swoole 1 flarum/tags 1 zendframework/zend-diactoros 1 hyn/multi-tenant 1 symfony/proxy-manager-bridge 1 laminas/laminas-diactoros 1 froala/wysiwyg-editor 1 prestashop/ps_linklist 1 spipu/html2pdf 1 flarum/mentions 1 rankmath/seo-by-rank-math 1