Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Browse all Security Advisories for packagist

Loading...
Moderate
GSA_kwCzR0hTQS14ZnY3LWgycWctcmptN84ABBlL
Moodle Lesson activity password bypass through PHP loose comparison
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1yNHhyLW0zOTMtNzc4bc4ABBlP
Moodle IDOR when accessing list of course badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1maGcyLXIyaDktaDdxOM4ABBlV
Moodle IDOR when deleting OAuth2 linked accounts
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1qODIyLXg1Z2ctNXI1Ns4ABBlQ
Moodle allows users to retrieve information they did not have permission to access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 18 hours ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTdqeGMtOHA2eM4ABBgP
Redaxo Core CMS Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1wN2Y2LThtY20tZnd2M84ABBfv
Statamic CMS has a Path Traversal in Asset Upload
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 1 day ago
High
GSA_kwCzR0hTQS03Y2M5LWo0bXYtdmNqcM4ABBeQ
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1qdzR4LXY2OWYtaGg1d84ABBeP
XmlScanner bypass leads to XXE
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1manE5LTQ1Mmctamczcc4ABBdJ
moodle: Some users can delete audiences of other reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14M3g5LTM0OXgtMjQ4Nc4ABBdA
moodle: IDOR in edit/delete RSS feed
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tZzU0LXAyd2otNXBoN84ABBdH
moodle: IDOR when fetching report schedules
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jcTVmLXd2N3AtNWdmY84ABBdI
Moodle leaks user names
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
High
GSA_kwCzR0hTQS04Zmg0LTk0MnItamYyZ84ABBab
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14NjQ1LTZwZjkteHd4d84ABBZK
LibreNMS has an Authenticated OS Command Injection
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 6 days ago
High
GSA_kwCzR0hTQS1ndjRtLWY2ZngtODU5eM4ABBZJ
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS0yOHA3LWY2aDYtM2poM84ABBZI
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1wNjZxLXBwd3ItcTVqOM4ABBZH
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS03NjYzLTM3cmctYzM3N84ABBZG
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS00bTVyLXcycnEtcTU0cc4ABBZF
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 6 days ago
High
GSA_kwCzR0hTQS1xcjhmLTVxcWctajN3Z84ABBZE
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS12N3c5LTYzeGgtNnIzd84ABBZD
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS14aDRnLWM5cDYtNWp4Z84ABBY1
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1ybXI0LXg2YzktamM2OM4ABBY0
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS04ODhqLXBqcWgtZng1OM4ABBYz
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1jODZxLXJqMzctOGY4Nc4ABBYy
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 6 days ago
High
GSA_kwCzR0hTQS1nZndyLXhxbWotajI3ds4ABBYx
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS05OXc4LWM1ZjYtOTZwcM4ABBYh
CSRF leading to delete account in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 days ago
Critical
GSA_kwCzR0hTQS01NzdwLTdqN2gtMmpnZs4ABBYY
Deserialization of Untrusted Data in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oaHZyLTJxNjktNDU2M84ABBYe
Cross site scripting in sylius/sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 days ago
Critical
GSA_kwCzR0hTQS0zdmpoLXhyaGYtdjl4aM4ABBYa
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13cHByLWo1N2MtOGpwbc4ABBYo
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 6 days ago
High
GSA_kwCzR0hTQS04MjM3LTk1N2gtaDJjMs4ABBTt
FileManager Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: backpack/filemanager
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jZ3I0LWMyMzMtaDczM84ABBTs
UnoPim Stored XSS : Cookie hijacking through Create User function
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1jZzIzLXFmOGYtNjJycs4ABBTJ
Symfony has an Authentication Bypass via RememberMe
Ecosystems: packagist
Packages: symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nOHIzLTJ2ODktajZyNc4ABBS_
Moodle IDOR when accessing list of badge recipients
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1mM2N3LWhnNnItY2hmds4ABBS7
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 days ago
High
GSA_kwCzR0hTQS1jdzZnLXFtanEtNncyd84ABBS6
Craft CMS Arbitrary System File Read
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 8 days ago
High
GSA_kwCzR0hTQS1qcmg1LXZocjktcWg3cc4ABBS5
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 8 days ago
High
GSA_kwCzR0hTQS1ndjd2LXJnZzYtNTQ4aM4ABBRT
Laravel environment manipulation via query string
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1odzl4LThtNzUtNHZqcc4ABBRL
Cross Site Scripting vulnerability in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jbTQ2LWdxZjQtbXY0Zs4ABBP3
Orchid Platform has Method Exposure Vulnerability in Modals
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 8 days ago
Low
GSA_kwCzR0hTQS00aGpmLTZweHItNTQ5aM4ABBK9
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 10 days ago
Low
GSA_kwCzR0hTQS1xOTl4LW1qbWgtdjh3N84ABBLL
Moodle's user/power level management inconsistent with suspended users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS03d21wLTJ4bXgtZzZoOM4ABBLI
Moodle authorization headers preserved between "emulated redirects"
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS00Z3EyLXg1dzQtN2hwOM4ABBK8
Moodle has insufficient capability checks
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1qcGYyLTlwcHAtMmM0Oc4ABBLG
Moodle has insufficient access control
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS12cHE1LTU2amotdmYybc4ABBLH
Moodle admin presets export tool includes some secrets that should not be exported
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 days ago
Low
GSA_kwCzR0hTQS1jNzY3LTR3aGgtdjdyd84ABBLJ
Moodle has user information visibility control issues in gradebook reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
High
GSA_kwCzR0hTQS0zbTl4LTJxZmoteHZxNM4ABBD1
PHPExcel XXE Vulnerability
Ecosystems: packagist
Packages: phpoffice/phpexcel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS00aHh3LWdjMnEtZjZmM84ABBDy
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Ecosystems: packagist
Packages: filament/actions
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1teDI2LTYyeG0tMnA4M84ABBDv
Moodle vulnerable to site administration SQL injection via XMLDB editor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wOWN4LWY1OTUtaDc5aM4ABBDu
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS0ycjltLXdnMzUtcmZ2Y84ABBDp
Moodle vulnerable to cache poisoning via injection into storage
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 14 days ago
High
GSA_kwCzR0hTQS12NmY0LXY4aDgtM2M4N84ABBDq
Moodle Remote Code Execution vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13d2pmLWd3cnYtd2g0Nc4ABBDw
Moodle's IDOR in badges allows deletion of arbitrary badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xcnF2LTI2Z2YteGd3aM4ABBDs
Moodle LFI vulnerability when restoring malformed block backups
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12am1tLXI5Z2ctNDI1bc4ABBDo
Moodle has arbitrary file read risk through pdfTeX
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
High
GSA_kwCzR0hTQS14ODdyLTM3cTUtbW1yOM4ABBDt
Moodle has CSRF risk in Feedback non-respondents report
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
Low
GSA_kwCzR0hTQS1qanhxLWZmMmctOTV2aM4ABBCN
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 14 days ago
Low
GSA_kwCzR0hTQS02Mzc3LWhmdjktaHFmNs4ABBCM
Twig has unguarded calls to `__toString()` when nesting an object into an array
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1odjZtLXFqNjUtMjZxM84ABBCA
UnoPim Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1xcTVjLTY3N3AtNzM3cc4ABBBg
Symfony vulnerable to command execution hijack on Windows with Process class
Ecosystems: packagist
Packages: symfony/symfony, symfony/process
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: 15 days ago
Low
GSA_kwCzR0hTQS1tcnF4LXJwM3ctanBqcM4ABBBf
Symfony vulnerable to open redirect via browser-sanitized URLs
Ecosystems: packagist
Packages: symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS1nM3JoLXJyaHAtamhoOc4ABBBe
Symfony has an incorrect response from Validator when input ends with `\n`
Ecosystems: packagist
Packages: symfony/validator, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS05YzN4LXIzd3AtbWd4bc4ABBBd
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-client
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 15 days ago
Low
GSA_kwCzR0hTQS1qeGdyLTN2N3EtM3c5ds4ABBBc
Symfony's `Security::login` does not take into account custom `user_checker`
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14OHZwLWdmNHEtbXc1as4ABBBb
Symfony allows changing the environment through a query
Ecosystems: packagist
Packages: symfony/symfony, symfony/runtime
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 15 days ago
High
GSA_kwCzR0hTQS1wZnJyLXh2cmYtcHhqeM4ABA1_
Laravel Reverb Missing API Signature Verification
Ecosystems: packagist
Packages: laravel/reverb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS00ZnZ4LWg4MjMtMzh2M84ABA1-
YesWiki Uses a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1wamh4LWo1M3AtYzVmNc4ABA1L
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
Low
GSA_kwCzR0hTQS1qOXdwLXg1cTUteGgyZs4ABAra
Funadmin Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS0ybXY4LWpqbTUtZjNocs4ABArY
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1oMzQ1LXI0OHgtZzY4Zs4ABArV
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1oNHB4LTl2bXAtcDdwds4ABArH
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1yOXY1LXE5N20tcmo1Z84ABArX
Logic flaw in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS02ajhmLTg4bWgtcjl2cc4ABArP
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS01ZzY2LTkzcXYtNTY1as4ABArQ
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS12dzZ4LWM1cmctam1qcM4ABArS
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS05Z3czLXFyMmYtM3ZnNc4ABArE
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS14MmZyLXZqNzQtNWgzNc4ABArO
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1jNDc5LXdxOGctNTdocs4ABAop
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
High
GSA_kwCzR0hTQS1nOHY5LWM4bTMtOTQyds4ABAoi
Remote code execution in php-heic-to-jpg
Ecosystems: packagist
Packages: maestroerror/php-heic-to-jpg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1xeGd4LWh2ZzMtdjkyd84ABAoC
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1wM20yLW1qM2otajQ5eM4ABAoB
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS02Nmp2LXFybTMtdnZmZ84ABAoA
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1tcjdxLWZ2N2otamNnds4ABAn_
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS13cmpjLWZtZnEtdzNqcs4ABAn-
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 28 days ago
High
GSA_kwCzR0hTQS03cHA0LTM4OHgtMnhxas4ABAd_
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zN2dtLWg1d3ItcGYyNc4ABAWF
Path traversal in redaxo
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03YzRjLTc0OWotcGZwMs4ABAWE
Admidio Vulnerable to HTML Injection In The Messages Section
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 717
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 nilsteampassnet/teampass 37 mautic/core 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 contao/core-bundle 24 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 getkirby/cms 22 tribalsystems/zenario 22 laravel/framework 20 funadmin/funadmin 20 contao/contao 19 cockpit-hq/cockpit 18 topthink/framework 18 forkcms/forkcms 18 francoisjacquet/rosariosis 17 opencart/opencart 17 symfony/security 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 genix/cms 17 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 typo3/cms-backend 16 phpbb/phpbb 16 october/system 15 symfony/security-http 15 smarty/smarty 15 ec-cube/ec-cube 15 silverstripe/cms 14 bolt/bolt 14 feehi/cms 14 dompdf/dompdf 14 phpmailer/phpmailer 14 pimcore/admin-ui-classic-bundle 13 codeigniter4/framework 13 elefant/cms 13 studio-42/elfinder 13 sylius/sylius 13 lavalite/cms 13 admidio/admidio 13 impresscms/impresscms 13 phpoffice/phpspreadsheet 12 wwbn/avideo 12 phpmyfaq/phpmyfaq 12 symfony/http-foundation 12 wallabag/wallabag 11 pagekit/pagekit 11 nukeviet/nukeviet 11 tinymce 11 TinyMCE 11 tinymce/tinymce 11 ezsystems/ezplatform-kernel 11 feehi/feehicms 11 october/october 10 ssddanbrown/bookstack 10 yiisoft/yii2 10 sulu/sulu 10 ezsystems/ezpublish-legacy 10 kevinpapst/kimai2 9 concrete5/core 9 statamic/cms 9 alextselegidis/easyappointments 9 contao/core 9 bootstrap 9 bootstrap 9 twbs/bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 facturascripts/facturascripts 8 composer/composer 8 mantisbt/mantisbt 8 silverstripe/graphql 8 pimcore/customer-management-framework-bundle 8 october/cms 8 twig/twig 8 croogo/croogo 8 pterodactyl/panel 8 silverstripe/admin 8 ezsystems/ezplatform-admin-ui 8 gilacms/gila 8 codiad/codiad 8 passbolt/passbolt_api 7 bootstrap.sass 7 billz/raspap-webgui 7 bootstrap-sass 7 flarum/core 7 symfony/http-kernel 7 wpglobus/wpglobus 7 backdrop/backdrop 7 october/backend 7 gleez/cms 6 pear/archive_tar 6 zoujingli/thinkadmin 6 nystudio107/craft-seomatic 6 in2code/femanager 6 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 phpseclib/phpseclib 6 guzzlehttp/guzzle 6 oro/platform 6 icecoder/icecoder 6 dweeves/magmi 6 vrana/adminer 6 bagisto/bagisto 6 yourls/yourls 6 anchorcms/anchor-cms 5 typo3/flow 5 ibexa/core 5 bootstrap-sass 5 codeigniter/framework 5 symfony/security-bundle 5 gugoan/economizzer 5 thinkcmf/thinkcmf 5 illuminate/database 5 neos/neos 5 neos/flow 5 phpxmlrpc/phpxmlrpc 5 typo3/cms-install 5 symfony/security-core 5 elgg/elgg 5 kimai/kimai 5 cachethq/cachet 5 bottelet/flarepoint 5 mautic/core-lib 5 silverstripe/assets 5 phpservermon/phpservermon 5 simplesamlphp/saml2 5 woocommerce/woocommerce 5 limesurvey/limesurvey 5 reportico-web/reportico 4 magento/product-community-edition 4 modx/revolution 4 typo3/html-sanitizer 4 oro/commerce 4 spatie/browsershot 4 typo3/cms-frontend 4 wp-premium/gravityforms 4 pyrocms/pyrocms 4 ezyang/htmlpurifier 4 sylius/resource-bundle 4 bytefury/crater 4 adodb/adodb-php 4 evolutioncms/evolution 4 wintercms/winter 4 appwrite/server-ce 4 idno/known 4 codeigniter4/shield 4 notrinos/notrinos-erp 4 shopxo/shopxo 4 bref/bref 4 automad/automad 4 shopware/storefront 4 friendsofsymfony/user-bundle 4 processwire/processwire 4 ezsystems/ezplatform 4 zendframework/zendopenid 4 facade/ignition 3 verbb/comments 3 in2code/powermail 3 zencart/zencart 3 uvdesk/community-skeleton 3 flarum/framework 3 getformwork/formwork 3 symfony/validator 3 artesaos/seotools 3 verot/class.upload.php 3 symfony/framework-bundle 3 zendframework/zend-http 3
Filter by Repository
https://github.com/moodle/moodle 218 https://github.com/pimcore/pimcore 113 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/Dolibarr/dolibarr 56 https://github.com/shopware/platform 43 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 34 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/centreon/centreon-archived 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/smarty-php/smarty 12 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/tinymce/tinymce 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/yiisoft/yii2 11 https://github.com/Sylius/Sylius 11 https://github.com/Studio-42/elFinder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/WWBN/AVideo 11 https://github.com/opencart/opencart 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/sulu/sulu 10 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/wallabag/wallabag 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/statamic/cms 8 https://github.com/Froxlor/Froxlor 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/pterodactyl/panel 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/mantisbt/mantisbt 8 https://github.com/GilaCMS/gila 8 https://github.com/twbs/bootstrap 7 https://github.com/twigphp/Twig 7 https://github.com/croogo/croogo 7 https://github.com/pagekit/pagekit 7 https://github.com/passbolt/passbolt_api 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/flarum/framework 7 https://github.com/RaspAP/raspap-webgui 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/composer/composer 7 https://github.com/phpseclib/phpseclib 6 https://github.com/bookstackapp/bookstack 6 https://github.com/oroinc/orocommerce 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/gleez/cms 6 https://github.com/vrana/adminer 6 https://github.com/ezsystems/ezplatform-admin-ui 6 https://github.com/LimeSurvey/LimeSurvey 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/silverstripe/silverstripe-graphql 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/zendframework/zf1 5 https://github.com/backdrop/backdrop 5 https://github.com/nukeviet/nukeviet 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/shopware5/shopware 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/Admidio/admidio 5 https://github.com/jbroadway/elefant 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/contao/core 5 https://github.com/oroinc/platform 5 https://github.com/ADOdb/ADOdb 4 https://github.com/phpservermon/phpservermon 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/codeigniter4/shield 4 https://github.com/oroinc/crm 4 https://github.com/Sylius/SyliusResourceBundle 4 https://github.com/appwrite/appwrite 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/ezsystems/ezplatform 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/BookStackApp/BookStack 4 https://github.com/reportico-web/reportico 4 https://github.com/kimai/kimai 4 https://github.com/bagisto/bagisto 4 https://github.com/brefphp/bref 4 https://github.com/phpbb/phpbb 3 https://github.com/ezsystems/ezplatform-richtext 3 https://github.com/Rudloff/alltube 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/phpbb/phpbb-app 3 https://github.com/xjzzzxx/vulFound 3 https://github.com/facade/ignition 3 https://github.com/PrivateBin/PrivateBin 3 https://github.com/PrestaShop/productcomments 3 https://github.com/dd3x3r/enhavo 3 https://github.com/flarum/core 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/alexbsec/CVEs 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/idno/known 3 https://github.com/in2code-de/femanager 3 https://github.com/in2code-de/powermail 3 https://github.com/modxcms/revolution 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/livewire/livewire 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/wikimedia/mediawiki 3 https://github.com/verbb/comments 3 https://github.com/concrete5/concrete5 3 https://github.com/woocommerce/woocommerce 3 https://github.com/getformwork/formwork 3 https://github.com/aimeos/ai-admin-graphql 3 https://github.com/artesaos/seotools 3 https://github.com/orchidsoftware/platform 3 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/scheb/two-factor-bundle 2 https://github.com/ethercreative/logs 2 https://github.com/jquery/jquery 2 https://github.com/ezsystems/repository-forms 2 https://github.com/z-song/laravel-admin 2 https://github.com/pyrocms/pyrocms 2 https://github.com/sartlabs/0days 2 https://github.com/marcantondahmen/automad 2 https://github.com/robrichards/xmlseclibs 2 https://github.com/Ek-Saini/security 2 https://github.com/KnpLabs/snappy 2 https://github.com/Elgg/Elgg 2 https://github.com/jqhph/dcat-admin 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/joomla/joomla-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/fuel/core 2 https://github.com/froxlor/Froxlor 2 https://github.com/aimeos/ai-client-html 2 https://github.com/aimeos/ai-controller-frontend 2