Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1qajk0LWo0cjMtNWdyNM4AApct
Subrion Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05NzM4LWM0OXEtNHJnY84AAU3Z
Subrion Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02d2M0LXY0djUtM204Ms4AAU3_
Subrion CMS Stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NXA1LWp3eDQtcXc5aM4AA1LU
PrestaShop boolean SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0yeHY3LWZ3aDYteDdmY84AAU4T
Subrion Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bWZjLWdyOGMteGo0bc4AAUIa
Evolution CMS Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jbTRyLTU4cGotaDJwaM30TQ
Moodle allows attackers to extract archives to arbitrary directories
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04aDI0LTNjanIteHhtaM4AAUIc
Evolution CMS Stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1teGZ2LWM4cDgtcXc1aM4AAbmf
baserCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXhwLXhnaHAtZ3F2cM4AAkyl
bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section
Ecosystems: packagist
Packages: bbpress/bbpress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00ODNmLXd4dzktM3Jwcc0_cA
bbPress Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: bbpress/bbpress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OTdjLW1oN20tNDh2N84AASBA
SimpleSAMLphp Invalid token creation and validation
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycWZjLTQ4djUtNHc1aM4AAXaa
SimpleSAMLphp Open redirection protection bypass
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NTY3LXEyNjctcGhwZ80kBg
pimcore is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05MzI3LW1xbTYteDk3as4AAWQL
SimpleSAMLphp Information leakage issue in the sanitycheck module
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03N3A0LXdmcjgtOTc3d84AAi_T
TYPO3 Directory Traversal on ZIP extraction
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MjZ3LWhtcHcteDc0as4AAWQy
paypal/invoice-sdk-php reflected XSS
Ecosystems: packagist
Packages: paypal/invoice-sdk-php
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1odmdmLTJyZjctd3J4Oc4AAjxY
Froxlor Information Disclosure
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aDMzLTVmeHctcjJ4ds4AAzAx
Stored cross site scripting via container name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NzhqLW1jcnItMzg3N84AAW1H
GeniXCMS Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cjR4LTM1MzQtdzNmOc4AAhPe
paypal/adaptivepayments-sdk-php vulnerable to a reflected XSS
Ecosystems: packagist
Packages: paypal/adaptivepayments-sdk-php
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OXBqLTdtamgtNDQ2Nc4AAi_a
TYPO3 SQL Injection in low-level Query Generator
Ecosystems: packagist
Packages: typo3/cms-core, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajhoLXhyZ2otN2d3Ms4AAehP
TYPO3 Improper Session Invalidation
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZmNtLXZoY3ctcDMycs4AAcDN
TYPO3 Backend component Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04N2hjLXBobWotcmhnaM4AASX6
TYPO3 Information Disclosure Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MnhyLXd4MjYtOXJmZ84AAboO
GeniXCMS Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aGYyLTd4ZjQtdzNqNs4AAbn0
GeniXCMS Cross-site Scripting
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00Mzk5LTQ2cjQtNXJtds4AAbnu
GeniXCMS Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ybTlyLXBtN3Etd3I2Zs4AAY3A
GeniXCMS denial of service (account blockage)
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ2M2LWpyOTQtaDQ0Ms4AAYd7
GeniXCMS Cross-site Scripting (XSS) via id parameter
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zYzdnLXA5angtOGNnbc4AAYd4
GeniXCMS Cross-site Scripting (XSS) via the Menu ID field
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NTljLXc1NHgtODM0Ms4AASdQ
GeniXCMS Mailbox validation logic vulnerability
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14ZjJnLWM2NmctNWY1cs4AAYd3
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jdjI0LXZoNDUtNGhqbc4AAqaq
Foxlor cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOXdyLW1qNjktY3Ftds4AAjxa
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ZnI4LXhocXEtNHAzcc4AAjo3
SilverStripe Denial of Service on flush and development URL tools
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ3cyLWY1bXgtcmc3aM4AAiJr
SilverStripe asset-admin Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOGhwLWdybXItcHA3as4AAzD5
RosarioSIS vulnerable to CSV Injection
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zdmpjLTV4NzktbTlyOM4AAot8
SilverStripe XXE Vulnerability in CSSContentParser
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yanZqLW1oZjItZzk5d84AAXbC
SilverStripe CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13dzN3LTU5MmotNXFyd84AAZbs
SimpleSAMLphp Incorrect IV generation for encryption
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04anhxLWdwbXItaDRnNM4AAb0h
imdbphp Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: imdbphp/imdbphp
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Nnh4LXB2ODgtMjY2Ms4AAmK8
PyroCMS Vulnerable to CSRF
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yYzh4LWpycmMtZnJmds4AAbh8
Laravel does not properly constrain the host portion of a password-reset URL
Ecosystems: packagist
Packages: laravel/framework, illuminate/auth, laravel/laravel
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNDd2LXJ4Y2ctcDI4as4AA05v
Stored Cross-Site Scripting October CMS
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xNWZnLXY1cDctcjQyNM4AAUT-
Croogo vulnerable to Cross-site Scripting in title field
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cXF4LTMyaHctNXZ4NM4AAVTa
Gleez CMS Vulnerable to Cross-site Scripting in media/imagecache/resize
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oaDkyLXdnN3YtOHZmcs39UQ
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qajRqLWN3Z3EtZng3Z84AAbjE
ViMbAdmin Cross-site Scripting Vulnerabilities
Ecosystems: packagist
Packages: opensolutions/vimbadmin
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mMmczLTNjNnEtNDQ3OM4AAmmC
Magento 2 Community Edition Incorrect Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05M2o0LXY4MzgtODc2N84AA2Pm
TYPO3 extension femanager Broken Access Control vulnerability
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nN3IzLWp3aHctMndmds4AAmmD
Microweber Insufficient Session Expiry
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03MnBmLWN2d3EtdmdxZ84AAT3J
Craft CMS Cross-site Scripting (XSS) Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjdnLXI1OHEtNjI0d84AAboA
Craft CMS subject to URL forgery
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjNxLTY1OHYtcXYzeM4AAVUz
OpenCart-Overclocked Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: villagedefrance/opencart-overclocked
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNm05LWdyODUtNzl2bc4AAzRH
Pimcore Cross-site Scripting (XSS) in name field of Custom Reports
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nMng0LTI1NnYtNXB2eM4AAltW
Codiad Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: codiad/codiad
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04OXIyLTVnMzQtMmc0N84AATfR
Symfony Open Redirect
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcXFoLTk0cjYtd2pyZ84AAV2m
Symfony SSRF Vulnerability via Form Component
Ecosystems: packagist
Packages: symfony/symfony, symfony/form
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4dzUtajh4ai0yeHdj
Cross-site Scripting in the yoast_seo TYPO3 extension
Ecosystems: packagist
Packages: yoast-seo-for-typo3/yoast_seo
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2Y3gtd2Y0Ny1oeDd3
No Restriction of Excessive Authentication Attempts in Firefly III
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wOGdwLTg5OWMtanZxOc4AA1aY
Wallabag user can reset data unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01bWo2LTNjbXEtZmgzNM0grg
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01YzU4LXc5eGMtcWNqOc4AAc0N
Symfony Vulnerable to PHP Eval Injection
Ecosystems: packagist
Packages: symfony/http-kernel, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwdzUtZ3J4eC12Mzk2
CSRF token exposure in TYPO3 extension
Ecosystems: packagist
Packages: lms/routes
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjQ5LWZ4MnYtOXA1N84AAd7g
Symfony Denial of Service Via Long Password Hashing
Ecosystems: packagist
Packages: symfony/security, symfony/polyfill, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycWZ2LXd3ZngtZmgzNM4AAWRI
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: paypal/permissions-sdk-php
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZmc3LXdjMjUtcjNqMs4AAYcc
eGroupware Community Edition Stored XSS vulnerability
Ecosystems: packagist
Packages: egroupware/egroupware
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2OWotNzhmNy13NnY5
Incorrect Authorization in TYPO3 extension
Ecosystems: packagist
Packages: localizationteam/l10nmgr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwbTgteGNqNi0ybTMz
Missing Authorization in TYPO3 extension
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3bWotNzJtcC1xM20y
Missing Authorization in TYPO3 extension
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05NHE0LXY1ZzYtcXA3eM4AAzTc
LavaLite CMS vulnerable to host header injection attack
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0Z3AtcWZmOC05NDZj
Insecure direct object reference of log files of the Import/Export feature
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cjZnLXhoeDctZm0zNs4AAbiN
Contao Core directory traversal vulnerability
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zM2pqLTkycHgtbTRnN84AAn8C
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyNnYtaDdtOC13Yzlm
Cross-site Scripting in Froala WYSIWYG Editor
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xOTl3LWo0bWotN2hqOM3-aw
Contao Information Disclosure via Access Control Flaws
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5MnYtN2ZybS1oNDRx
Cross-site scripting in LavaLite-CMS
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcjZxLXc0Z2otMzg2Nc4AAWI_
DOMPDF Arbitrary File Read
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NzYtbWN3My1xZzU1
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03anI0LWhncXgtdndncc4AAy-k
Access bypass in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zM3JoLTVodmYtNWpqcM4AAd5E
ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Ecosystems: packagist
Packages: zf-commons/zfc-user
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzd3LXFweHItMjU0Oc4AAc12
MediaElement Vulnerable to Reflected XSS
Ecosystems: packagist, npm
Packages: contao/core, contao-components/mediaelement, mediaelement
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wNGc3LXdqaHEtOXIyaM4AAT5T
PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: paypal/merchant-sdk-php
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cjVnLWNxNHEtMzI3Z84AA0Xo
Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJweGgtdmcyeC01MjZ2
List of order ids, number, items total and token value exposed for unauthorized uses via new API
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwbWgtZzk0Zy1xcmhy
Internal hidden fields are visible on to many associations in admin api
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00cnB2LWc0Z3Etcmg0bc4AAdHp
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycGc2LXZ3OWMtcWhqds4AA7Ug
Passbolt API allows HTML injection
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1qNjU3LXBqZ2MtYzRoNs4AAzXy
phpMyFAQ vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy
Cross-Site Request Forgery in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ydzczLXhtcHYtajV4Ms2NbQ
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zeGg1LTV2NXYtbWZnbc4AAj8g
Moodle reflected Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzdjLXF2NjgtajNwcM4AAxa2
Cross-site Scripting in MobileDetect
Ecosystems: packagist
Packages: mobiledetect/mobiledetectlib
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xM2M4LTY1cTctOXY3OM4AAxZt
Cross site scripting in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jN3Y0LW0yNjktNDk5Nc0Wow
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1td3F2LWpmZjYtNXY2Ms4AAgHe
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2