Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS1ydm1jLThnbWctZ2dxcs0yYw
Moodle Blind SQL injection possible via MNet authentication
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcmhxLXg3eGgtMjc4NM4AAmIX
Froala WYSIWYG Editor XSS Vulnerability
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s
phpMyAdmin Remote Code Execution
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZjY1LWhwaDktNDUzcs4AA8Ha
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qcDZoLW14aHgtcGdxaM0xLg
Shopware guest session is shared between customers
Ecosystems: packagist
Packages: shopware/storefront, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajlyLWZwdjMtcmdmeM4AAy6p
Shopware vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04cXhoLWhjcjktMjM3Oc4AAq04
Shopware Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tdnJ4LWNtcXctMmpnas4AAXhV
Shopware XSS Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtMngtNjQ3NS1nOXI4
XSS Injection in Media Collection Title was possible
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 23 hours ago
High
GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw
Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS00cjhxLWd2OWotM3h4Ns00Gw
Open Redirect
Ecosystems: packagist
Packages: hyn/multi-tenant
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qcWdyLWdoNjItamY1M84AAvJO
Moodle Stored Cross-site Scripting and page denial of service
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnNngteHg3OC00NDhj
Reflected XSS when importing CSV in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS01OXg0LTY3bWgtcHg1NM0s4Q
Crypt_GPG does not prevent additional options in GPG calls
Ecosystems: packagist
Packages: pear/crypt_gpg
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02NGZxLTljNnctcnE0NM05oA
Improper Neutralization of Formula Elements in a CSV File in Kimai 2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qODJ4LWZoOGgtMzI2Z84AAwrd
Yii2 FileAPI Widget vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: vova07/yii2-fileapi-widget
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14OXhqLXBxbXYtOGpmN84AAzAB
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jeDJyLW1mNngtNTVyeM0WcQ
Stored XSS with custom URLs in PrestaShop module ps_linklist
Ecosystems: packagist
Packages: prestashop/ps_linklist
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS05bTcyLXB3NDctMjkyd8390w
Joomla RCE Vulnerability
Ecosystems: packagist
Packages: joomla/framework
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cWpmLTdnM2otcXgyNc4AA17k
Neos CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: neos/media-browser
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 8 months ago
High
GSA_kwCzR0hTQS01cGdtLTNqM2ctMnJjN84AAtUL
Valinor error messages leading to potential data exfiltration before v0.12.0
Ecosystems: packagist
Packages: cuyz/valinor
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycWZ2LXd3ZngtZmgzNM4AAWRI
paypal/permissions-sdk-php reflected Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: paypal/permissions-sdk-php
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jajd3LXBtNzctaHZnNs4AAuCK
Magento XML Injection vulnerability in the Widgets Module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03OTJmLWM4bXAtMmNyNc4AAnh_
Magento OS command injection via the WebAPI
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yNjl3LXBxYzctNjhxOc4AAniK
Magento vulnerable to a file upload restriction bypass
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yajRmLWNwNHYtaHZjds4AAniQ
Magento Blind SQL Injection in the Search module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cHhnLTZwODctOGM5ds4AAmmL
Magento 2 Community Edition RCE via Unsafe File Upload
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oNDM3LXFqajktdm1xNM4AAniO
Magento XPath Injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tdzk1LWdtdzQtODgzcM4AAniW
Magento XML injection in the Widgets module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ydjQ4LXY4NjItbXA5Ms4AAni8
Magento OS Command Injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNHItODM0Mi1qbWM5
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Ecosystems: packagist
Packages: fluidtypo3/vhs
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS13cmh4LTNweHItNnZnZ84AAhPp
Wikimedia MediaWiki Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04cjVqLTIyajUtdzRjbc4AAxF5
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: xpressengine/xpressengine
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcjk3LXY4N3AteDk2Nc4AAwrf
Ariadne Component Library vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: arc/web
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNzl4LTk4cjItZzZxY80loQ
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NTRyLTRjanYtdmM5aM30SQ
Moodle allows attackers to obtain manager privileges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OWpmLTNxOXYtcmg2Z84AA04l
By-passing Cross-Site Scripting Protection in HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tbTc5LWpocW0tOWo1NM4AA3Hu
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13ZzI0LTl4bTktNTkzds4AAjz8
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcHFjLWc0cjgtNmh4Z84AAjVP
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14dnZ2LXdqN2otcjlqbc0fYg
Cross-site Scripting in Netgen Tags Bundle
Ecosystems: packagist
Packages: netgen/tagsbundle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04anhxLWdwbXItaDRnNM4AAb0h
imdbphp Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: imdbphp/imdbphp
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wODQ5LXZmNWYtZjN4N84AAbZt
phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS12NGoyLWN3bW0teGc4Oc4AA2EH
OpenCart Path Traversal vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 8 months ago
High
GSA_kwCzR0hTQS00NWdqLTc4aGMtNG12Y84AAimR
Magento SQL injection via marketing account with access to email templates variables
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcDlyLXJoOTUtZjhmOM4AAhkz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14OTV4LWY0ZzktbW04Nc4AAuDM
Magento Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13bXJnLXc5dmctN2pxeM4AAhkY
Magento 2 Community Edition CSRF Vulnerability
Ecosystems: packagist
Packages: magento/product-community-edition, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01djVwLXg4YzItbXF4cM4AAimS
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12NTI3LTZoNXItY2ZnOM4AAhkl
Magento 2 Community Edition Unsafe File Upload
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yOTdmLXI5dzctdzQ5Ms4AAve8
Magento Improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wNzgzLWdqNm0tOXI4OM4AAilu
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00djJxLWhqeDMtYzR2cs4AAq98
Magento remote code execution vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00N2g2LWhmcHYtN3Boas4AAilz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14NDJnLTgycHAtNHY2Z84AAilf
Magento SQL injection vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nZmNxLXdoM2ctYzZoNM4AAilE
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02cWg2LXY5OWgtdmg0Y84AAhkn
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/product-community-edition, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qcmp4LThnbXctamoycc4AAimQ
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yeDJxLTJ4cHYtbWNmOc4AAimP
Magento 2 Community Edition SQLi Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yY3JjLTV2cTYtMzg2cs4AAilI
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zMng1LTZwNHEtcThqaM4AAilG
Magento Information Disclosure via File upload functionality
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01eDI4LTNmMzIteDUyM84AA8HV
Drupal core Access control bypass
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13eGZnLTI1M2ctbTdyNM4AA8HX
Drupal core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00cDN4LThxdzktMjR3Oc0Wuw
Authenticated Stored XSS in shopware/shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS13eDNxLWY1ZjItNHE4ds4AAWr3
OpenCart Path Traversal
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F
phpMyAdmin SQL injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M
phpMyAdmin SQL Injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1
ProcessWire vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3dmctdzhxOC1jM3dm
Session Fixation
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyM3YtcTl4My03ZzQ2
Link injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS0zMzd3LWZ4cHEtNW0zNM4AA8HY
Drupal core uses a vulnerable Third-party library CKEditor
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xcWp2LW1jMnYtcDdtY84AATTM
Moodle SSRF Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoOHYtMnY4eC1oMjY0
SQL Injection in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05MzI4LTdwY3ctdnc2Oc0gsA
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qamh4LTVqZmYtcmM4bc4AASai
Moodle Improper Privilege Management
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yanhnLW12Mm0tajRyN84AAvH6
Moodle type juggling vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nOTZoLXd2cm0tYzJ3d83z9w
Moodle Improper Access Control
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocHdtLTg0aDUtdnFyOM4AASl8
Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14ang5LTdjMjktcHdtbc4AASnl
Moodle Improper Privilege Management
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12eG12LTc0cmYtdnFncM4AAWtY
Moodle Portfolio forum caller class allows a user to download any file
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NHIyLXI2N2ctZnI5bc4AAbK9
Moodle User fullname disclosure on user preferences page
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Y3Z4LWN3cHgtOXJqaM4AA3Br
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1meDlnLWc5cTYteDNqeM4AAuCO
Magento Path Traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jNXZqLWYzNnEtcDl2Z84AAyEz
Password Shucking Vulnerability
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13bXdmLTQ5dnYtcDNtcs4AA1Cm
Sulu Observable Response Discrepancy on Admin Login
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2