Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1yOHY0LTd2d2otOTgzeM4AAXT5
SimpleSAMLphp SAML2 spoof SAML responses
Ecosystems: packagist
Packages: simplesamlphp/saml2
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cHhnLTZwODctOGM5ds4AAmmL
Magento 2 Community Edition RCE via Unsafe File Upload
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cTg4LWp4dnAtOWdwMs01Bw
Path Traversal in Studio-42 elFinder through 2.1.60
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoM3ItdnA0Ni04ZzIy
Code injection in topthink/think
Ecosystems: packagist
Packages: topthink/think
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocGoyLTRoZmotZzIzM84AAj0L
Fat-Free Framework arbitrary code execution
Ecosystems: packagist
Packages: bcosca/fatfree
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qOTlnLXFqdngtOTk1Z83uwg
Contao Does Not Expire Tokens Correctly
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13MzhnLWhqNDUtbWpqcM4AAgjW
Contao SQL injection in the backend and listing module
Ecosystems: packagist
Packages: contao/listing-bundle, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00NHA4LWMzd3YtZjI4cs3sog
Directory Traversal in Studio 42 elFinder
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MncyLXFndjYtOHhybc39cw
Elefant CMS PHP Code Execution Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handling
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01eDRmLTd4Z3EtcjQyeM1REw
Object state limitation has no effect
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03N2oyLTd3aHItNnZweM4AAUzW
Elefant CMS Code Execution Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00Mjg2LWg0N2gtbTV2Ns0WtA
Showdoc File Upload Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qMjQ1LXYybWgtNWg2Zs4AAznw
TeamPass vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmNDYtNXIyNS01d2Zt
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Ecosystems: packagist
Packages: league/flysystem
Source: GitHub Advisory Database
Blast Radius: 55.4
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1mMjRqLWY5N3ctNjVoOM4AAiRn
Centreon Privilege Escalation
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01bTN3LXJ2dmgtOGZ4Ns4AAQML
Joomla! Object Injection Vulnerability
Ecosystems: packagist
Packages: joomla/joomla-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS03ZzUzLWpqMjUtamhncs4AAx9K
Remote code execution in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tcnE0LTdjaDctMjQ2Nc0mqQ
Server Side Twig Template Injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02amhtLTR2bXgtbXI3Ns0mbA
SQL injection in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tcXc5LTNjam0teHdwM84AAvIw
Moodle Minor SQL injection risk in admin user browsing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ncTZ3LXE2d2gtamdnY84AAyLG
PHAR deserialization allowing remote code execution
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qcDRnLXI4YzktMzUzNM4AAQ5D
Moodle Blind SSRF Risk in /badges/mybackpack.php
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14OTNqLTNoaDMtNngyM84AAv9W
Insufficient Session Expiration in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14cWNmLXZncWMtcGNtZ84AAwDF
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaHZoLWM1YzItdmo4Nc4AAdEL
Zend Framework SQL injection vector using null byte for PDO
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqdjctMjc0bc4AAnQi
Mautic stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13dmo1LXI3OHItaGhmcc4AAWjw
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0ycGNqLTc2aGoteHFobc4AAb2x
CodeIgniter arbitrary code execution
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3Z20tZjgzci12M3Fq
Improper Certificate Validation in WP-CLI framework
Ecosystems: packagist
Packages: wp-cli/wp-cli
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS0yeDNyLTdqZ20tZ2g4eM4AAy--
Remote code execution in Voyager
Ecosystems: packagist
Packages: tcg/voyager
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zanhoLTY2MzUtNmp3cM4AAs93
Path traversal in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12NTlwLXA2OTItdjM4Ms4AAig9
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zend-db, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xd3ZwLWc5ajctMjhmNs4AAyxG
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jN2pqLXZmbXItajltas4AAo7b
Moodle command execution vulnerability exists in the default legacy spellchecker plugin
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg
Prototype Pollution in litespeed.js and appwrite/server-ce
Ecosystems: packagist, npm
Packages: appwrite/server-ce, litespeed.js
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14eDc3LXc2cDUteHZtas4AAn1j
ShopXO RCE Vulnerability
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jajJmLTk2anEtcGhwcM4AAV-a
Shopware RCE Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oaGcyLWc2aDYtYzI2Ns4AAid-
Yii SQL injection vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yN2M5LWM2OW0tcnBoOM02Aw
Code Injection in PHPUnit
Ecosystems: packagist
Packages: phpunit/phpunit
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oMzRxLTg3OHctdzk2cs4AAUCK
Dolibarr SQL injection via the integer parameters qty and value_unit
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMm0tN2NmcC1oNmdm
Incorrect persistent NameID generation in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4
phpMyAdmin SQL injection in Designer feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jbTdmLWhmMmctZ2hycM4AAwCw
PyroCMS vulnerable to stored Cross Site Scripting
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyeGctNndjai02eGY5
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Ecosystems: packagist
Packages: vanilla/safecurl
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nNmpjLXhyYzMtNHd3cc4AAv0d
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNDM0LTNxMmotaGo0cs4AAWhd
CodeIgniter Session Fixation Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tOGp4LW14ZjktMnJwd84AApWC
NukeViet SQL Injection vulnerability
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNThtLXY1cHItamhocc4AAxqX
Cross-site Scripting in kimai/kimai
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qN2c4LTNxcWctOGN2bc4AAUrm
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File Inclusion
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1tNXJnLWc2ZjktOHdwd84AAWhZ
Dolibarr SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01N3dqLTIydzktd205cs4AAWrX
Dolibarr SQL injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE
phpmyadmin contains SQL Injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 11 days ago
Critical
GSA_kwCzR0hTQS03Nzg5LXY3NjctMzdyNc4AAXl_
Dolibarr SQL injection vulnerability in adherents/subscription/info.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02ZnJjLXZmdzktd20yN84AAXl5
Dolibarr SQL injection vulnerability in fourn/index.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wbTU3LTkyNmMtMjhtcs4AAj6I
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qMmpwLTU4Z3YtZzJwZ84AAlLP
Magento Security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12aGZwLTl3dmotZ3d2Z80WyA
XML External Entity vulnerability in MODX CMS
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01aHc0LW03ZjMtaGh4OM4AAvLl
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Ecosystems: packagist
Packages: spoonity/tcpdf, la-haute-societe/tcpdf, fooman/tcpdf, tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xdjVqLXJ3cTMtbTgyM84AAQF5
ThinkAdmin Administrator cookies still working after password change
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xOXA0LXFmYzgtZnZwcM0Wdw
SQL Injection in medoo
Ecosystems: packagist
Packages: catfan/medoo
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jbTI2LWdwOGotdzZ4Zs4AAbgg
TeamPass SQL injection in users.queries.php
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03YzI4LXdnN3ItcGc2Zs4AA0-u
RaspAP Command Injection vulnerability
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1wcjQ0LTRqZnItMjg2bc4AAYSU
Swift Mailer mail transport Command Injection
Ecosystems: packagist
Packages: swiftmailer/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 55.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cmYtOTQyOC01Mjdt
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5Mm0taGhody12djl2
Code injection in codiad
Ecosystems: packagist
Packages: codiad/codiad
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxbTItZ3dxZi1yNWc1
SQL injection in TYPO3 extension
Ecosystems: packagist
Packages: ecodev/newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04ODQ5LWN2OWYtdmNjbc4AAy-9
Access bypass in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xdjVwLTZ3cmMtNzl3Z84AAS_6
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNXgtN214cC1ycDZq
Remote code execution via vulnerable Symphony dependecy injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1xOGNyLXhwaG0tN2dmds4AAQUB
Akeneo PIM vulnerable to shell injection in the mass edition
Ecosystems: packagist
Packages: akeneo/pim-community-dev
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cDk2LXZmcmMtZnYzMs06dQ
RCE in Studio-42 elFinder on Windows before 2.1.61
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2