Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS12andnLTI4Z3YtcG04aM4AA7R7
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 23 hours ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 1 day ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tdzgyLTZtMmctcWg2Y84AA7PU
Sylius Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 3 days ago
High
GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 3 days ago
High
GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 days ago
High
GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1teDNwLWZocHcteDZyds4AA7NP
TCPDF vulnerable to Regular Expression Denial of Service
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 days ago
High
GSA_kwCzR0hTQS02cHBnLXJncmctZjU3M84AA7ET
Dolibarr vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
High
GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 13 days ago
High
GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 13 days ago
High
GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 13 days ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 14 days ago
High
GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 16 days ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 16 days ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 17 days ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 22 days ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 22 days ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 22 days ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 22 days ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 22 days ago
High
GSA_kwCzR0hTQS13OGdmLWcydnEtajJmNM4AA6nf
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 22 days ago
High
GSA_kwCzR0hTQS1xamZ3LWN2amYtZjRmbc4AA6l3
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client, amphp/http
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1wNzN4LXJwZ20tM3Y1Ns4AA6kj
Dolibarr ERP CRM Code Injection vulnerability during installation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 22 days ago
Critical
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1oaGY4LWY1dzktZzZ2aM4AA6i0
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Ecosystems: packagist
Packages: causal/oidc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
High
GSA_kwCzR0hTQS01N3E1LWg2MjItM2NweM4AA6hD
UVDesk Community Helpdesk Improper Privilege Management
Ecosystems: packagist
Packages: uvdesk/core-framework
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 24 days ago
High
GSA_kwCzR0hTQS0yMnY3LXYzbWotcG04cs4AA6gq
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 24 days ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 24 days ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS0yajRnLXY0ZnYtcmh3Z84AA6g0
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 24 days ago
High
GSA_kwCzR0hTQS1qNHBjLXZxdmMtNHA5eM4AA6gs
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 24 days ago
High
GSA_kwCzR0hTQS02MjZyLWNqNDctcDQ5Z84AA6gu
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 24 days ago
High
GSA_kwCzR0hTQS1xanZtLXA1dmctNDM3Y84AA6gr
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1jajNjLTV4cG0tY3g5NM4AA6dz
Kimai API returns timesheet entries a user should not be authorized to view
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 27 days ago
High
GSA_kwCzR0hTQS04cjVqLWdtM2otY3g5Y84AA6dB
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
High
GSA_kwCzR0hTQS0zOWZwLW1xbW0tZ3hqNs4AA6c_
CodeIgniter4 DoS Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1xN2c2LXhmaDItdmhweM4AA6Rq
phpMyFAQ stored Cross-site Scripting at user email
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wd2gyLWZwZnIteDVnZs4AA6Rp
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yZ3J3LW1jOXItODIycs4AA6Rn
phpMyFAQ SQL injections at insertentry & saveentry
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
phpMyFAQ Stored HTML Injection at contentLink
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Storefront user can access history and most viewed data from matching back-office user with the same ID
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS05eHZmLWNqdmYtZmY1cc4AA6Rg
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Ecosystems: packagist
Packages: johnbillion/wp-crontrol
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS00eHc4LTlmajctajU4as4AA6O_
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yd2h4LWNjcjctZnhxbc4AA6O9
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNGhxLWY2M3gtZjM5cs4AA6O2
Slow String Operations via MultiPart Requests in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wdjlqLWM1M3EtaDQzM84AA6Oz
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Ecosystems: packagist
Packages: friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
File Upload Path Traversal
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNm1oLTc5dmgtMmh2N84AA6Os
Cross-site Scripting in Moodle Chat
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: swiftmailer/swiftmailer, friendsofsymfony1/swiftmailer, friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS14YzdqLXdqMzYtcWpmcs4AA5zL
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qcjgzLW0yMzMtZ2c2cM4AA5wF
Sulu grants access to pages regardless of role permissions
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Subrion CMS vulnerable to SQL Injection
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNHFoLThweHctcjQ4cc4AA5iX
Subrion CMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cDdxLWZqZnctdjNnZs4AA5gw
Bagisto Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Statistics
Advisories: 17,986
Packages: 8,213
Repositories: 577
Ecosystems: 12
Filter by Severity
Moderate 7,727 High 6,244 Critical 2,768 Low 965
Filter by Ecosystem
maven 5,513 packagist 3,612 pypi 3,543 npm 3,530 go 1,876 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
moodle/moodle 318 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 94 microweber/microweber 91 phpmyadmin/phpmyadmin 91 drupal/core 70 thorsten/phpmyfaq 70 typo3/cms-core 70 drupal/drupal 56 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 symfony/symfony 46 baserproject/basercms 43 showdoc/showdoc 40 nilsteampassnet/teampass 37 craftcms/cms 36 shopware/core 36 snipe/snipe-it 32 intelliants/subrion 31 froxlor/froxlor 28 mautic/core 28 silverstripe/framework 27 shopware/shopware 27 getgrav/grav 27 centreon/centreon 27 prestashop/prestashop 24 magento/core 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 22 getkirby/cms 22 forkcms/forkcms 18 tribalsystems/zenario 18 francoisjacquet/rosariosis 17 cakephp/cakephp 17 cockpit-hq/cockpit 17 yetiforce/yetiforce-crm 16 topthink/framework 15 contao/core-bundle 15 openmage/magento-lts 15 phpmailer/phpmailer 14 smarty/smarty 14 zendframework/zendframework1 14 typo3/cms-backend 14 october/system 13 elefant/cms 13 ezsystems/ezpublish-kernel 13 impresscms/impresscms 13 codeigniter4/framework 13 symfony/security 13 symfony/security-http 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 lavalite/cms 12 bolt/bolt 12 studio-42/elfinder 12 feehi/feehicms 11 contao/contao 11 zendframework/zendframework 11 feehi/cms 11 silverstripe/cms 11 ezsystems/ezplatform-kernel 10 admidio/admidio 10 wallabag/wallabag 10 wwbn/avideo 10 nukeviet/nukeviet 10 dompdf/dompdf 10 pagekit/pagekit 10 opencart/opencart 10 sylius/sylius 10 pimcore/admin-ui-classic-bundle 10 simplesamlphp/simplesamlphp 9 alextselegidis/easyappointments 9 laravel/framework 9 tinymce 9 tinymce/tinymce 9 TinyMCE 9 funadmin/funadmin 9 october/october 9 ssddanbrown/bookstack 9 kevinpapst/kimai2 9 concrete5/core 9 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 facturascripts/facturascripts 8 sulu/sulu 8 yiisoft/yii2 8 october/cms 8 croogo/croogo 7 october/backend 7 flarum/core 7 symfony/http-foundation 7 statamic/cms 7 silverstripe/admin 7 silverstripe/graphql 7 yiisoft/yii2-dev 6 backdrop/backdrop 6 guzzlehttp/guzzle 6 yourls/yourls 6 directmailteam/direct-mail 6 pterodactyl/panel 6 in2code/femanager 6 dweeves/magmi 6 composer/composer 6 zoujingli/thinkadmin 6 wpglobus/wpglobus 6 nystudio107/craft-seomatic 6 billz/raspap-webgui 5 symfony/http-kernel 5 anchorcms/anchor-cms 5 phpxmlrpc/phpxmlrpc 5 automad/automad 5 phpseclib/phpseclib 5 vrana/adminer 5 cachethq/cachet 5 elgg/elgg 5 pear/archive_tar 5 typo3/cms-install 5 bagisto/bagisto 5 ibexa/core 5 bottelet/flarepoint 5 oro/platform 5 gugoan/economizzer 5 codeigniter4/shield 4 bytefury/crater 4 ezsystems/ezplatform-admin-ui 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 oro/commerce 4 idno/known 4 wintercms/winter 4 wp-premium/gravityforms 4 shopware/storefront 4 symfony/security-core 4 silverstripe/assets 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 typo3/html-sanitizer 4 magento/product-community-edition 4 spatie/browsershot 4 symfony/security-bundle 4 modx/revolution 4 bref/bref 4 phenx/php-svg-lib 3 qcubed/qcubed 3 enhavo/enhavo-app 3 joomla/joomla-cms 3 ckeditor4 3 illuminate/database 3 typo3/cms-form 3 kimai/kimai 3 joomla/framework 3 appwrite/server-ce 3 zencart/zencart 3 facade/ignition 3 quickapps/cms 3 yiisoft/yii 3 artesaos/seotools 3 prestashop/productcomments 3 tecnickcom/tcpdf 3 mantisbt/mantisbt 3 pixelfed/pixelfed 3 enshrined/svg-sanitize 3 phpoffice/phpspreadsheet 3 sylius/resource-bundle 3 shopxo/shopxo 3 zendframework/zendservice-api 3 zendframework/zendservice-amazon 3 zendframework/zendservice-windowsazure 3 adodb/adodb-php 3 rudloff/alltube 3 froala/wysiwyg-editor 3 zendframework/zendservice-technorati 3 twig/twig 3 flarum/framework 3 verot/class.upload.php 3 zendframework/zendopenid 3 zendframework/zendrest 3 zendframework/zendservice-audioscrobbler 3 codeigniter/framework 3 apache-solr-for-typo3/solr 3 processwire/processwire 3 uvdesk/community-skeleton 3 limesurvey/limesurvey 3 zendframework/zendservice-nirvanix 3 icecoder/icecoder 3 verbb/comments 3 zendframework/zendservice-slideshare 3 amphp/http-client 2 munkireport/munkireport 2 yiisoft/yii2-gii 2 munkireport/managedinstalls 2 codiad/codiad 2 ckeditor/ckeditor 2 buddypress/buddypress 2 ether/logs 2 juzaweb/cms 2
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 54 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/symfony/symfony 40 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/liufee/cms 17 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/contao/contao 16 https://github.com/intelliants/subrion 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/centreon/centreon-archived 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/Studio-42/elFinder 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dompdf/dompdf 11 https://github.com/drupal/core 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/top-think/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/tinymce/tinymce 9 https://github.com/funadmin/funadmin 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/LavaLite/cms 9 https://github.com/neorazorx/facturascripts 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/simplesamlphp/simplesamlphp 8 https://github.com/wallabag/wallabag 8 https://github.com/admidio/admidio 8 https://github.com/laravel/framework 8 https://github.com/sulu/sulu 8 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/statamic/cms 6 https://github.com/pterodactyl/panel 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/guzzle/guzzle 6 https://github.com/croogo/croogo 6 https://github.com/bookstackapp/bookstack 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/oroinc/orocommerce 6 https://github.com/TribalSystems/Zenario 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/composer/composer 5 https://github.com/vrana/adminer 5 https://github.com/phpseclib/phpseclib 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/nukeviet/nukeviet 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/zendframework/zf1 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/codeigniter4/shield 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/spatie/browsershot 4 https://github.com/oroinc/platform 4 https://github.com/screetsec/VDD 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/crater-invoice/crater 4 https://github.com/yourls/yourls 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/opencart/opencart 4 https://github.com/backdrop/backdrop 4 https://github.com/brefphp/bref 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/phpservermon/phpservermon 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/qcubed/qcubed 3 https://github.com/zendframework/zendframework 3 https://github.com/ADOdb/ADOdb 3 https://github.com/guzzle/psr7 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/elgg/elgg 3 https://github.com/Rudloff/alltube 3 https://github.com/concrete5/concrete5 3 https://github.com/kimai/kimai 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/PrestaShop/productcomments 3 https://github.com/artesaos/seotools 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/appwrite/appwrite 3 https://github.com/BookStackApp/BookStack 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/bagisto/bagisto 3 https://github.com/mantisbt/mantisbt 3 https://github.com/twigphp/Twig 3 https://github.com/in2code-de/femanager 3 https://github.com/idno/known 3 https://github.com/verbb/comments 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/gleez/cms 2 https://github.com/flarum/core 2 https://github.com/reportico-web/reportico 2 https://github.com/nette/latte 2 https://github.com/filegator/filegator 2 https://github.com/Froxlor/Froxlor 2 https://github.com/dompdf/php-svg-lib 2 https://github.com/munkireport/munkireport-php 2 https://github.com/ethercreative/logs 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/phpbb/phpbb 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/orchidsoftware/platform 2 https://github.com/phpmyadmin/composer 2 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/Elgg/Elgg 2 https://github.com/Ek-Saini/security 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/icecoder/ICEcoder 2 https://github.com/buddypress/BuddyPress 2 https://github.com/bolt/core 2 https://github.com/tecnickcom/TCPDF 2 https://github.com/thephpleague/commonmark 2 https://github.com/thinkcmf/thinkcmf 2 https://github.com/top-think/thinkphp 2 https://github.com/tpwd/ke_search 2 https://github.com/TYPO3/Fluid 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/azuracast/azuracast 2 https://github.com/aws/aws-sdk-php 2 https://github.com/verbb/image-resizer 2 https://github.com/verbb/knock-knock 2 https://github.com/api-platform/core 2 https://github.com/apereo/phpCAS 2 https://github.com/woocommerce/woocommerce 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/alexbsec/CVEs 2 https://github.com/yiisoft/yii 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/YOURLS/YOURLS 2 https://github.com/Admidio/admidio 2 https://github.com/KnpLabs/snappy 2