Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS04aDgzLWNoaDItZmNocM4AAv0g
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00NDZxLXh4ZzUtM3ZoaM4AAv0f
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wY3BtLXZjNHYtY212eM4AAv0e
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNmpjLXhyYzMtNHd3cc4AAv0d
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zOTRqLXgzN3ItMnEyN84AAv0c
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03NjQ0LWN4cDgtaDIzcs4AAv0b
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jN3BjLXBnZjYtbWZoNc4AAv0a
ezplatform-graphql GraphQL queries can expose password hashes
Ecosystems: packagist
Packages: ezsystems/ezplatform-graphql
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01OGg1LWg1NTQtNDI5cc4AAv0Z
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcDdnLXdyZ2ctd3E0Nc4AAv0Y
GraphQL queries can expose password hashes
Ecosystems: packagist
Packages: ibexa/graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qcnZyLWdtcXYtaGdyaM4AAvxg
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zcHBtLWZ3aG0tcXFnNs4AAvxr
FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zd21nLTI4djktOGhmNs4AAvxf
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02cmp2LXh4Z3ItdjU3eM4AAvt6
Froxlor vulnerable to code injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oOTV3LXAzeDYtd3dqNs4AAvti
Froxlor vulnerable to Code Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMzZqLXJmeDUtd3EzOM4AAvsL
OpenCart SQL injection vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OW05LXA2Y20tOTRxNc4AAvsG
TYPO3 Extension femanager vulnerable to Broken Access Control
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mOTJwLWY4cjItYzg3cc4AAvsD
Tribal Systems Zenario CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qNXd4LWp2dzMtajM2M84AAvrw
Centreon vulnerable to SQL Injection
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05bWYyLWhwajQtcnczcs4AAvoJ
TablePress Plugin vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: tobiasbg/tablepress
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04cTcyLTZxcTgteHY2NM4AAvn3
phpCAS vulnerable to Service Hostname Discovery Exploitation
Ecosystems: packagist
Packages: apereo/phpcas
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0
ProcessWire vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1
ProcessWire vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12cXZtLXFyd2gtNjloN84AAvmw
easyii CMS's File Upload Management vulnerable to unrestricted upload
Ecosystems: packagist
Packages: noumo/easyii
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cjc0LTJ2NjYtNTdwcM4AAvmN
phpMyFAQ vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tZzVoLXJoanEtNnY4NM4AAvmM
phpMyFAQ vulnerable to reflected Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0ycnIzLXJ2NDktcDQyZs4AAvl1
phpMyFAQ contains Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01cXhxLXZnbW0tcTM5bc4AAvli
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZmg1LXE2ZmctdzI4cc4AAvj1
Prototype pollution in Snowboard framework
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1md3ZjLTl4aGotMjZ2Nc4AAvi3
Badaso vulnerable to Remote Code Execution via malicious file upload
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cjlnLXc0OHEtOGp3bc4AAviu
HyperDown vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: joyqi/hyper-down
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yOTdmLXI5dzctdzQ5Ms4AAve8
Magento Improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS02cmo4LTljbTktNmdmZs4AAvdr
phpMyFAQ vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jbTIyLTg4cXItN2ZmaM4AAvbG
Lavalite vulnerable to Arbitrary File Read via Directory Traversal
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas
Kirby CMS vulnerable to user enumeration in the brute force protection
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00dmY0LTk1NWctdnhwMs4AAvap
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS14NHE3LW02ZnAtNHY5ds4AAvUA
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03Y200LXZtZjItOHdmMs4AAvTC
Dolibarr vulnerable to Eval Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS03ZmoyLXJycTYtcnBocc4AAvPf
melisplatform/melis-asset-manager vulnerable to Path Traversal
Ecosystems: packagist
Packages: melisplatform/melis-asset-manager
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tM20zLTZnd3ctN2dqOc4AAvPe
melisplatform/melis-cms vulnerable to deserialization of untrusted data
Ecosystems: packagist
Packages: melisplatform/melis-cms
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNDc5LTJtdjQtNWMyNs4AAvPd
melisplatform/melis-front vulnerable to deserialization of untrusted data
Ecosystems: packagist
Packages: melisplatform/melis-front
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zM2M5LXJwcGYtbTdmcc4AAvMI
Backdrop CMS Unrestricted File Upload vulnerability
Ecosystems: packagist
Packages: backdrop/backdrop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zOThqLWY3bTctNzk1as4AAvLp
PHPMailer vulnerable to email header injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03NDVwLXI2MzctN3Z2cM4AAvLo
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01aHc0LW03ZjMtaGh4OM4AAvLl
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Ecosystems: packagist
Packages: spoonity/tcpdf, la-haute-societe/tcpdf, fooman/tcpdf, tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12OWZqLWg4ZzYtNHc5cc4AAvLC
YetiForce CRM vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14anIzLWZ3cDktOWc5Ns4AAvLD
Moodle Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qcWdyLWdoNjItamY1M84AAvJO
Moodle Stored Cross-site Scripting and page denial of service
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaG1tLXEyNzIteG1oZs4AAvIu
Moodle remote code execution
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tcXc5LTNjam0teHdwM84AAvIw
Moodle Minor SQL injection risk in admin user browsing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zODVmLXZncTctOGhoeM4AAvJX
Moodle No groups filtering in H5P activity attempts report
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS01Mm0yLXZjNG0tamozM84AAvIl
Twig may load a template outside a configured directory when using the filesystem loader
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bXFxLTdnMjUtcjR3eM4AAvIZ
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05MnZoLW1yMnctajJjcs4AAvHn
Moodle Improper Authentication
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cjZxLXh2MjMtcmZxOc4AAvHo
Moodle Incorrect Authorization
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yanhnLW12Mm0tajRyN84AAvH6
Moodle type juggling vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncDR3LWY1N3ItOXJ4M84AAvHm
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tMzdnLW13Y2ctN2o3ds4AAvH2
Moodle Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wZ2d3LXJxZm0tNzJyaM4AAvF3
EC-CUBE DOM-based cross-site scripting vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13anB2LWZyZjItM3I1OM4AAvFz
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yNWd2LXdnNmYtNmZycM4AAvEa
Centreon SQL Injection vulnerability via esc_name parameter
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ydjVxLTcycDItMnEyNM4AAvEW
Centreon contains cross-site scripting vulnerability via esc_name parameter
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS02eDI4LTdoOGMtY2h4NM4AAvDp
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mdmY1LXhwODMtdnJxcM4AAu_6
ICEcoder vulnerable to Path Traversal
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cXI2LTU3cW0taGhyNc4AAu-u
Pimcore vulnerable to cross site scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNTQ2LXY2NjYtNTU5eM4AAu-Z
Craft CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xcnFtLTU3NHgtcTdmMs4AAu-D
Awesome Support vulnerable to persistent cross-site scripting
Ecosystems: packagist
Packages: awesome-support/awesome-support
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12eDN4LWh3cGgtZ3J2d84AAu9f
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xd2M4LXZqaDMtZ20yas4AAu9a
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycWY4LWg3cHIteDJyOM4AAu9d
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tcWg5LTVqcDktNjc5Oc4AAu9i
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h
Microweber Cross-site Scripting can result in redirection to a malicious site
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nbThjLXc5Y20tYzQ0Nc4AAu9c
Microweber vulnerable to HTML Injection in create tag functionality
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00djVtLXZ3dnAtcDd3OM4AAu9U
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1maHZ2LXA5NjgtNnZ2as4AAu6G
Snipe-IT vulnerable to Improper Authentication
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zamgyLXdtdjctbTkzMs4AAu6F
LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cjg5LXg5M3gtbWpxMs4AAu33
Craft CMS Stored Cross-site Scripting in User Addresses Title
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13eHZmLTgzOWYtanFtaM4AAu32
Craft CMS Cross site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tdzM3LXd4OHAtZ3A0Nc4AAu4D
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zY3ZtLTd3cmgtcXJmOc4AAu3C
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dmZxLWpteGctZzU4cs4AAu18
Shopware contains sensitive data in backend customer module
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xYzQzLXBnd3EtM3Eycc4AAu16
Shopware access control list bypassed via crafted specific URLs
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00N202LTQ2bWotcDIzNc4AAu1r
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13M3c5LXZyZjUtOG14OM4AAu1p
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Ecosystems: packagist
Packages: react/http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mZmZyLTd4NHgtZjk4cc4AAu1V
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tMzkyLTIzNWotOXI3cs4AAu1U
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OTU5LTR4NTgtcjhjMs4AAu1T
TYPO3 CMS missing check for expiration time of password reset token for backend users
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05YzZ3LTU1Y3AtNXcyNc4AAu1S
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mdjJtLTkyNDktcXg4Nc4AAu1R
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1od3E3LTV2djktYzZjZs4AAu1C
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00ODQ5LXgzangtNDVxcs4AAu07
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncXFmLWc1cjctODR2Zs4AAuzy
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cjRmLWpydnctaDcyN84AAuzP
Feehi CMS host header injection vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bTJoLTdyZjItcnB4Ns4AAuzF
UniSharp Laravel Filemanager directory traversal vulnerability
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mbTZtLWZnMjMtNjdqcc4AAuwm
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01ZmZqLW1waDUtYzVods4AAutQ
Appwrite Vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOTVyLTg2aHgteHd4Z84AAusg
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: rankmath/seo-by-rank-math
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12aDRtLW13OHctZzR3OM4AAuqS
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yOXF2LWhoZzQtNng5Ns4AAuqU
Unauthenticated Sensitive Information Disclosure vulnerability
Ecosystems: packagist
Packages: libreform/libreform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2