Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00ajZ3LTlyZjgtaGc3cs4AAq5P
Magento 2 Community Edition SQLi Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5Z3ItNThyMy1wd20z
Symfony Unsafe Cache Serialization Could Enable RCE
Ecosystems: packagist
Packages: symfony/symfony, symfony/cache
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS02dmNmLWNmanAtcXhjd84AAzTg
LavaLite vulnerable to web cache poisoning
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS02cDk2LXZmcmMtZnYzMs06dQ
RCE in Studio-42 elFinder on Windows before 2.1.61
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12Y203LTg4angtM3IzOc4AAU7K
ThinkPHP SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ndmo4LTRjajQtaDc3Ns1RFA
Object state limitation has no effect
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05N2htLTJtZnItMnA5N84AA0f9
TeamPass Code Injection vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0zZmo0LXE3MngteDJnOc4AAbZb
ADOdb Library SQL Injection
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tcXc5LTNjam0teHdwM84AAvIw
Moodle Minor SQL injection risk in admin user browsing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14aHEzLTQ1NXIteHY0NM4AAayr
Moodle SQL injection via user preferences
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yaG1tLXEyNzIteG1oZs4AAvIu
Moodle remote code execution
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNDgtZjkzeC05Z3g0
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Ecosystems: packagist
Packages: zendesk/zendesk_api_client_php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMm0tN2NmcC1oNmdm
Incorrect persistent NameID generation in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1qcDRnLXI4YzktMzUzNM4AAQ5D
Moodle Blind SSRF Risk in /badges/mybackpack.php
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01OThwLXJ2NnAtZzdxY84AAiZx
sr_freecap for Typo3 RCE Vulnerability
Ecosystems: packagist
Packages: sjbr/sr-freecap
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04cDVjLWY4MzYtbTRoN84AAils
Magento 2 Community Edition XML Injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ydjYyLTZmNTYtajgzd84AAkF6
Moodle Oauth 2 Insufficiently Protects Against Compromise
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNDdmLXJ4ZzgtcWdyds4AAx_5
Easy!Appointments uses hard-coded credentials
Ecosystems: packagist
Packages: alextselegidis/easyappointments
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj
Unauthenticated remote code execution in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNHItODM0Mi1qbWM5
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Ecosystems: packagist
Packages: fluidtypo3/vhs
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jbTdmLWhmMmctZ2hycM4AAwCw
PyroCMS vulnerable to stored Cross Site Scripting
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zMmdyLXg3NmctMjY3d84AAxhv
SQL injection in webbuilders-group silverstripe-kapost-bridge
Ecosystems: packagist
Packages: webbuilders-group/silverstripe-kapost-bridge
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03cG1oLThxamotNHEzNs4AAx_c
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13dzQzLW1jdmgtMzVwNM4AAwzd
PaginationServiceProvider SQL Injection vulnerability
Ecosystems: packagist
Packages: ttskch/pagination-service-provider
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNmpjLXhyYzMtNHd3cc4AAv0d
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jcDJwLTZ4aDQtam1jcM4AAws8
nterchange Code Injection vulnerability
Ecosystems: packagist
Packages: nonfiction/nterchange
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01aHc0LW03ZjMtaGh4OM4AAvLl
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Ecosystems: packagist
Packages: spoonity/tcpdf, la-haute-societe/tcpdf, fooman/tcpdf, tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14cWNmLXZncWMtcGNtZ84AAwDF
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2
Missing warning can lead to unauthenticated admin access in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1yNThtLXY1cHItamhocc4AAxqX
Cross-site Scripting in kimai/kimai
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS12cXZtLXFyd2gtNjloN84AAvmw
easyii CMS's File Upload Management vulnerable to unrestricted upload
Ecosystems: packagist
Packages: noumo/easyii
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02NzR2LTNnMnctODRneM02ZA
Sandbox bypass in fenom
Ecosystems: packagist
Packages: fenom/fenom
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File Inclusion
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1wM3czLTRwcG0tYzNmNs1Btg
Cross site scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cmYtOTQyOC01Mjdt
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jaHc0LTg4eGMtNzl3Ns4AAzvv
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00cDM4LXJjOTgtY3IzOc4AAwF7
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1mOWpmLTRjcDQtNGZxNc4AAz6B
Grav Server Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0yaHZoLWM1YzItdmo4Nc4AAdEL
Zend Framework SQL injection vector using null byte for PDO
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00OWZqLXFwNnAtcTU0NM02_Q
Variable Tampering within joomla/input class
Ecosystems: packagist
Packages: joomla/input
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 12 hours ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqdjctMjc0bc4AAnQi
Mautic stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnangtaG0zNC1xZ2Y3
SQL injection in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS0yODUzLWhmMmctOTg0M84AAWTf
PHPOffice Common Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: phpoffice/common
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jOTVmLTI3Z3gtNnZxOc4AATWn
phpWhois arbitrary code execution via a crafted whois record
Ecosystems: packagist
Packages: truckersmp/phpwhois, simple-updates/phpwhois, serluck/phpwhois, kazist/phpwhois, ivankristianto/phpwhois, david-garcia/phpwhois, brightlocal/phpwhois, phpwhois/phpwhois, jsmitty12/phpwhois
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE
phpmyadmin contains SQL Injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1qMmgyLWc4ODIteDlqMs4AAxfZ
Deserialization of Untrusted Data in thinkphp
Ecosystems: packagist
Packages: topthink/think
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02cTRqLThwam0tNW1nY84AAjvL
SEOmatic for CraftCMS allows Server-Side Template Injection
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13N3ZtLTR2M2otdmdwd84AA1Db
PyroCMS remote code execution vulnerability
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1xNXJnLXdnN2gtNzNtNc4AAh_b
LibreNMS Information Disclosure
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0ycGNqLTc2aGoteHFobc4AAb2x
CodeIgniter arbitrary code execution
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qYzR2LXZ2ZzYteGc3OM02eg
SQL Injection in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ycGhjLWg1NzItMng5Zs0yuw
Cross-site Scripting in showdoc/showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34
phpMyAdmin unsanitized Git information
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13eHZyLXFxbTctNmg2Nc4AAkyU
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Ecosystems: packagist
Packages: verbb/knock-knock
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02dmYyLW1mbXItcXFxd84AAz9f
Liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1waDYyLTg3Njgtcjg3ds0uqg
Arbitrary file delete in ectouch/ectouch
Ecosystems: packagist
Packages: ectouch/ectouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS01OGg1LWg1NTQtNDI5cc4AAv0Z
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jN2pqLXZmbXItajltas4AAo7b
Moodle command execution vulnerability exists in the default legacy spellchecker plugin
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg
Prototype Pollution in litespeed.js and appwrite/server-ce
Ecosystems: packagist, npm
Packages: appwrite/server-ce, litespeed.js
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12aGZwLTl3dmotZ3d2Z80WyA
XML External Entity vulnerability in MODX CMS
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05bTQ5LXZod3YtNDIyZ84AAXdy
Smarty PHP code injection
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03eGZqLTRqcGctNTh2Zs4AAUsi
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14ZmpxLXczY3ctaDVmcc4AAVUw
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03OWd2LTVjZ3gteDZyeM0-8Q
Typo3 Authentication Bypass
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oZjYyLTV2eGgtanB3as4AAitU
Pimcore 2FA Vulnerable to Brute Forcing
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNXgtN214cC1ycDZq
Remote code execution via vulnerable Symphony dependecy injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1tZnZnLXF3Y3ctcXZjOM4AAyQi
baserCMS allows any file to be uploaded
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05OHZjLTk4cTctNTdxZs4AAbnU
Dolibarr ERP and CRM Insecure Encryption
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocmd4LXAzNnAtODlxNM4AAtvN
PrestaShop eval injection possible if shop vulnerable to SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2