Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1qajYyLW1jM20tajc2Oc4AAupU
FeehiCMS has an arbitrary file upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ybWg3LXF4Y3ctcTM5Z84AAul4
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcnJoLXF2aGYteDc4OM4AAujw
PrestaShop Product Comments Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zMjV2LWc1dngtd2h4Y84AAujP
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01MjI5LTk0cDMtN3d3cc4AAujV
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ydjNyLXZxamotOGM3Ns4AAui4
Cross-site scripting from content entered in the tags and multiselect fields
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yZmYyLXZxbTMtanB2Nc4AAuiW
snipe-it vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNmg4LXFqamMtajhjZ84AAuh-
Pagekit CMS cross-site scripting in Markdown text box where articles are edited
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yaDRyLTk2ODktNnh3NM4AAuhl
Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3
Cross-site scripting from dynamic options in the multiselect field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05eGdwLTNteHAtcnY3eM4AAugs
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jbXhjLTlnaGotanA4N84AAudB
Insufficient Session Expiration in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wNzRxLTJwZjgtajVqeM4AAubq
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
Ecosystems: packagist
Packages: exceedone/laravel-admin, exceedone/exment
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04NjI5LTgzbTUtcmo3Nc4AAubr
exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: exceedone/laravel-admin, exceedone/exment
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL
Kirby CMS 2.5.12 Cross-site Scripting
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav
Kirby CMS 2.5.12 Cross-site Request Forgery
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcjRmLTRwY3gtMnIzaM4AAuZp
Pimcore Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xaG04LTY5cWgtZzc2as4AAuZO
Missing password strength check in notrinos/notrinos-erp
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ODNtLXJnaGgtZnJ4as4AAuYe
Cross site scripting in yetiforce/yetiforce-crm
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qaHhoLTY4amotNjhjN84AAuYl
Cross site scripting in yetiforce/yetiforce-crm
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS00NHc1LXEyNTctODQyOM4AAuXQ
Exposure of password hashes in notrinos/notrinos-erp
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yanZjLW1mN3ItY2g3cs4AAuXP
Cross site scripting in yetiforce/yetiforce-crm
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00bTJnLTY2OHYtandqeM4AAuGj
Cross site scripting in getkirby/starterkit
Ecosystems: packagist
Packages: getkirby/starterkit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04Y3dxLTRjbWYtcHg3M84AAuFv
PocketMine-MP invalid skin geometry JSON data leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ocng1LWN2NHYtNGM0NM4AAuE2
NotrinosERP Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1meDlnLWc5cTYteDNqeM4AAuCO
Magento Path Traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yN21tLWdyZjMtNWZqds4AAuDW
Magento Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14OTV4LWY0ZzktbW04Nc4AAuDM
Magento Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05d2pmLTk0aDMtcjRyaM4AAuCN
Magento Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yZzdwLXdtZ2otZjM3NM4AAuCM
Magento stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01bTU1LWc4cHYteDh3d84AAuDG
Magento stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jajd3LXBtNzctaHZnNs4AAuCK
Magento XML Injection vulnerability in the Widgets Module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mY3B3LXZxaDUtNnF3as4AAuCA
Moodle reflected XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04d2ozLWNwbXItOHdocM4AAuBb
Cockpit Content Platform vulnerable to 2FA bypass
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wdzRqLXI2OW0tcnJyNc4AAt-D
ForkCMS XSS via `end_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aG1jLTg3aDQtdzg2Oc4AAt-A
ForkCMS stored XSS via `start_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NXdmLXFtOTUtNm1obc4AAt-O
ForkCMS XSS via `publish_on_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNHF2LTN4NTgtcnhtaM4AAt-C
ForkCMS XSS via `publish_on_time` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZjZyLXE2NzgtZjJwN84AAt9d
Microweber's title parameter in the body of POST request vulnerable to stored XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12bTZwLTM1cnctM2Z4Y84AAt3H
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: aheinze/cockpit
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jd2hwLXJxZnItODQ2Ms4AAt2I
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ocmd4LXAzNnAtODlxNM4AAtvN
PrestaShop eval injection possible if shop vulnerable to SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jOHJwLWNnZjQtOTM3d84AAtvL
mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack
Ecosystems: packagist
Packages: mezzio/mezzio-swoole
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNXE2LW00MjUtOWZxcs4AAtuW
Feehi CMS Cross-site Scripting
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qeGc5LTJjaDctZjU1Ms4AAttV
Feehi CMS arbitrary code execution via crafted PHP file
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ODM0LXh2NXEtY2dmd84AAtr2
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Mjc0LWg1anAtOTd2cs4AAtr1
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Ecosystems: packagist
Packages: laminas/laminas-diactoros
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MndoLW00anItMjMzcs4AAtoK
Moodle LTI module reflected XSS risk
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNDN2LTVwZmYtcXFmas4AAtoG
Moodle Open redirect risk in mobile auto-login feature
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14cDJmLTlteDMtM2M2cM4AAtoC
Moodle PostScript Code Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wZ201LWNyNjItcHJ4cc4AAtoJ
Moodle Arbitrary file read when importing lesson questions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d3Y3LWg0Nzctd3J2N84AAtoF
Moodle Stored XSS and blind SSRF possible via SCORM track details
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14ZzcyLTZjODMtZ2hoNM4AAtmg
Microweber Stored Cross-site Scripting before v1.2.20
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZmNnLTJxZ3ItdjI0M84AAtly
Microweber before 1.2.21 vulnerable to reflected XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Ecosystems: packagist
Packages: islandora/islandora
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cWo4LTZ4eGotaHA5aM4AAtdJ
Dompdf before v2.0.0 vulnerable to chroot check bypass
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd3ZmLTI4ZmctZzR4Z84AAtcS
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC
Bypass of CMS Safe Mode Security Feature
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cDczLXFnMnYtMzgzaM4AAtZ_
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Ecosystems: packagist
Packages: packbackbooks/lti-1-3-php-library
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NjhtLTV3MzQtMnhmNc4AAtZ-
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Ecosystems: packagist
Packages: packbackbooks/lti-1-3-php-library
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Zjg1LTNmOHEtcWM5NM4AAtZ6
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ycHhnLWhnNzktaDhxOc4AAtZ0
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Ecosystems: packagist
Packages: in2code/lux
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djdoLWNwYzItcjhqcM4AAtX7
October CMS upload process vulnerable to RCE via Race Condition
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jOGYyLTVoMjktOGoyaM4AAtVQ
libconnect Extension for Typo3 Vulnerable to XSS
Ecosystems: packagist
Packages: subhh/libconnect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cGdtLTNqM2ctMnJjN84AAtUL
Valinor error messages leading to potential data exfiltration before v0.12.0
Ecosystems: packagist
Packages: cuyz/valinor
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05d3FyLTk3ODctcDRyZs4AAtSg
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWgzLXg1dzctamc1bc4AAtKq
Microweber before v1.2.20 vulnerable to cross-site scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01amdqLWg5d3AtNTNmcs4AAtKk
Known vulnerable to code execution via SVG file in v1.3.1
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00djRwLTg3bTMtNTQyM84AAtKh
Known v1.3.1 contains Insecure Direct Object Reference
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNzU3LTR2M3Atajc0Zs4AAtKj
Known vulnerable to account takeover via host header injection attack in v1.3.1
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNjg4LTdqM2MtaDlmM84AAtKi
Known v1.3.1 Cross-site Scripting
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13ODJ4LXhqanItY2pyNc4AAtJP
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14d3F4LXgzOGMtY3c5Nc4AAtJv
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNm1wLTU2MngtZ2d2ds4AAtGX
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cGcyLXFnODctdm1qN84AAtFk
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMzc3LXg4cmctYzltZs4AAtCY
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MzdqLTVxYzMtYzU4Oc4AAtCQ
Open Redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jeGd3LXI1amctN3h3cc4AAtB6
Code injection in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NjhnLTYydjktMzl3Nc4AAtB1
Unpublished, protected files can be published via shortcode
Ecosystems: packagist
Packages: silverstripe/assets
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz
Stored XSS via HTML fields in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3E4LW00eHctYzY3NM4AAtBx
Hybridsessions does not expire session id on logout
Ecosystems: packagist
Packages: silverstripe/hybridsessions
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcjZtLWYzZ3YtODY3OM4AAtBd
Cross-site Scripting in admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wZjZwLTI1cjItZng0Nc4AAtBR
Server-Side Request Forgery in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yangzLTVqOXYtcHJwcM4AAs_N
BlockWishList SQL Injection vulnerability
Ecosystems: packagist
Packages: prestashop/blockwishlist
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMnd3LTZ3djYtdnczY84AAs-f
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zanhoLTY2MzUtNmp3cM4AAs93
Path traversal in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02eGM0LTdmbW0tNjVxMs4AAs-a
Code injection in concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDk2LW00MnYtaHZoNc4AAs6_
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ndm1mLXdjeDYtcDk3NM4AAs60
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzU0LXZ3YzQtcDZxas4AAs6z
Authenticated Stored Cross-site Scripting in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wbTM3LTVqNW0tNmN2d84AAs6P
Cross-site Scripting in NukeViet CMS
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12ODI5LWo5cnItODV2Oc4AAs5j
Cross-site Scripting in krayin/laravel-crm
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xNTU5LThtMm0tZzY5Oc4AAs5c
Change in port should be considered a change in origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yNW1xLXY4NHEtNGo3cs4AAs5X
CURLOPT_HTTPAUTH option not cleared on change of origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2