Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1xMnFqLTYyOGctdmhmd84AAy3N
Insecure header validation in slim/psr7
Ecosystems: packagist
Packages: slim/psr7
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cXE3LTNocWMtcDV3NM4AA0h8
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0Z3AtcWZmOC05NDZj
Insecure direct object reference of log files of the Import/Export feature
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nM3hmLTg1d2MtNDVncc4AAlHZ
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnB4LWpjZ3ctOXg1N84AAlHz
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yN2p3LW1nMjctajgzOc4AArZO
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFweHctNjQ3My1wcHd3
Session Fixation in Subrion CMS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02NTNxLXZxbTYtZ21qbc4AAilS
Magento 2 Community Edition Arbitrary File Deletion
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycGp3LTk3cDgtcDJ4cM4AA4KA
Gila CMS SQL Injection
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mcjZmLXhtZngtcnJwcc4AAlf1
Magento path traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NzYtbWN3My1xZzU1
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1
ProcessWire vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Y2dmLXZtcGMtcGg3Oc0lmA
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8
phpMyAdmin Local file exposure
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zY3h4LTNmNTMtbTkyY84AAv4m
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0yanhnLW12Mm0tajRyN84AAvH6
Moodle type juggling vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13Mmc0LWc4eHItcHg0eM4AAUa9
CSRF in PHP Server Monitor before 3.3.2
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NGotd2p4eC13Z2dq
Incorrect Access Control vulnerability in api-platform/core
Ecosystems: packagist
Packages: api-platform/core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycXhwLXhteDYtY3E0Zs4AAxel
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tOXI0LTNmZzctcHFtMs4AA1LV
PrestaShop path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02eHg3LWNwaHYtcHhncs4AAUf4
Showdoc Forced Browsing
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDg3LWdxdzgtNHBmMs4AAUfM
Showdoc CSRF Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03bWM0LWpwNGYtdjJqMs4AAw-x
Improper Authorization in grumpydictator/firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02OXE3LWh3dzQtOHBqcc4AAjU8
phpBB allows CSRF
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cGdjLXJ2cDktcnF2M84AAhk0
Magento 2 Community Edition Information Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12d3YyLTl3Y2otNjR2eM4AA4M1
Firefly III allows webhooks HTML Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02bWgyLTk4Z3Itd3Y3Ns4AAiKB
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Y3B2LTY2OWMtcjc5eM4AA1yz
Prevent injection of invalid entity ids for "autocomplete" fields
Ecosystems: packagist
Packages: symfony/ux-autocomplete
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1taHZmLWo5NGctM3FwN84AAhkd
Magento 2 Community Edition CSRF vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwZmYtMzg0ai12eHE3
Data leakage via SQL Injection in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal Core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cHE5LWM2N3EtMjNmcc4AAYvw
Fastly Magento2 sensitive information disclosure
Ecosystems: packagist
Packages: fastly/magento2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZngtM3Y0Zi1td3ht
Bypass of sitemp access restrictions
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nMmctOHB3ai1yMmoy
Authentication bypass in SilverStripe GraphQL
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00Z205LWM5anEtZzUyM84AAzaE
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04NDJtLXZwM3ItcXd3cs4AApIu
ThinkCMF Cross Site Request Forgerly (CSRF) vulnerability
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04djc1LThqajgtNzdnZs4AAhks
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNXI2LXZybXgtOWd3as4AAlbR
LibreNMS SQL Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ
Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qYzU1LWNyZzctcHIzNc0YJw
EC-CUBE Improper access control in Management screen
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOWh2LXFtcWgtMzNxaM4AAqv2
EC-CUBE Cross-site request forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12eDM1LWYzNzktNHE0Oc4AA0ie
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tZnI5LXBjbTMtNm13Y84AAg6P
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nOTZoLXd2cm0tYzJ3d83z9w
Moodle Improper Access Control
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcXFoLTk0cjYtd2pyZ84AAV2m
Symfony SSRF Vulnerability via Form Component
Ecosystems: packagist
Packages: symfony/symfony, symfony/form
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycGc3LXE0Y3YtcDQ2Ns0cuw
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cjhjLXBqN3gtbTVqeM4AAk3-
Comments plugin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: verbb/comments
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jZmg0LTd3cTktNnBnZ84AA0KK
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1nanE0LTY5d2otcDZwcs0uLA
Path traversal in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jN2ZtLWp4NTktd2pmNs0lQA
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xOXh4LTQ2ODktZ3Z2Nc4AAo-B
Magento Unauthorized access to restricted resources
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00and4LTc4dngtZ202Z80ajA
Cross-Site Request Forgery in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nM2pyLTZ2ajQtM3g4Ms4AAzn0
TeamPass vulnerable to Improper Access Control
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyZzQtMjY2Yy1qcXc2
Predictable CSRF tokens in centreon/centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qamh4LTVqZmYtcmM4bc4AASai
Moodle Improper Privilege Management
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOTl3LWo0bWotN2hqOM3-aw
Contao Information Disclosure via Access Control Flaws
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in Drupal
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1xNGh3LWM2NmgtNHhxY84AAVvi
Pimcore SQLi Vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd2Y4LW1qajgtcjhocc4AAgU0
DOMPDF Information Disclosure
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOXF2LWhoZzQtNng5Ns4AAuqU
Unauthenticated Sensitive Information Disclosure vulnerability
Ecosystems: packagist
Packages: libreform/libreform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04d2dqLTZ3eDgtaDVocc3r4Q
Symfony HTTP Foundation web cache poisoning
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNG12LXJtcjctaDVmNc4AAzpI
Pimcore Privilege Defined With Unsafe Actions vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXA5N3ctdmNxcs0YFw
Cookie persistence after password changes in symfony/security-bundle
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oeG1wLWpjcWotODNobc4AAhk1
Magento 2 Community Edition Injection Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nMjczLXdwcHgtODJ3NM4AA4U0
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jMzhjLWM4bWgtdnE2OM4AA4Uz
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xcThtLTlycHgtdzJmbc4AA1EV
Admidio Insufficient Session Expiration vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx
Symfony possible session fixation vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jMjdqLTc2eGctNng0Zs4AAvas
Kirby CMS vulnerable to user enumeration in the brute force protection
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yeGhnLXcyZzUtdzk1eM0YGA
CSV Injection in symfony/serializer
Ecosystems: packagist
Packages: symfony/symfony, symfony/serializer
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncW1oLTV4bXEtM2ZoZ80-Yg
TYPO3 is vulnerable to Session Fixation
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03eDJoLTN2MnYtMjRwOc0pww
Cross-Site Request Forgery in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u
phpMyAdmin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3E4LW00eHctYzY3NM4AAtBx
Hybridsessions does not expire session id on logout
Ecosystems: packagist
Packages: silverstripe/hybridsessions
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05d3FyLTk3ODctcDRyZs4AAtSg
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02N2d2LXhydzctcDcyd84AA35i
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: phpsysinfo/phpsysinfo
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oZzc3LXZ4OXYtZjQ5eM4AAzAS
Path Traversal in Asset "import from server" option
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OW05LXA2Y20tOTRxNc4AAvsG
TYPO3 Extension femanager vulnerable to Broken Access Control
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xODNjLTY0YzktYzQybc4AAgU1
DOMPDF denial of service vulnerability
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNjJqLWhyeG0teGN4Zs0g_Q
Book page text, count, and author/title length is not limited in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZmo3LXczNzMtZ3FjaM0WwQ
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xY2pnLWh2ZzYtaHhjcM4AA2Ju
phpMyFAQ allows unrestricted file types in image field
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14eHE0LTM3NDItM2gyOM0p0Q
Generation of Error Message Containing Sensitive Information in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNG1tLTg5cTIteGZmZ84AAaS8
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00eGM3LXgyanItY3I3NM0uNA
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13M21xLTY3bXctM3A5Zs4AAXdm
Magento Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nYzk1LTVtbXAtbXA2as4AA2Hg
Economizzer vulnerable to Clickjacking
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zOG05LTN2ZzQtcnd2cM0txQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,811 pypi 3,712 npm 3,543 go 1,896 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 simplesamlphp/simplesamlphp 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 ezsystems/ezpublish-kernel 14 smarty/smarty 14 impresscms/impresscms 13 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 october/system 13 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 phpmyfaq/phpmyfaq 12 feehi/feehicms 11 feehi/cms 11 zendframework/zendframework 11 silverstripe/cms 11 sylius/sylius 10 wwbn/avideo 10 admidio/admidio 10 opencart/opencart 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 wallabag/wallabag 10 laravel/framework 10 ezsystems/ezplatform-kernel 10 pagekit/pagekit 10 tinymce 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 concrete5/core 9 TinyMCE 9 alextselegidis/easyappointments 9 october/october 9 kevinpapst/kimai2 9 tinymce/tinymce 9 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 croogo/croogo 8 symfony/http-foundation 7 wpglobus/wpglobus 7 silverstripe/graphql 7 flarum/core 7 statamic/cms 7 silverstripe/admin 7 pterodactyl/panel 7 october/backend 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 dweeves/magmi 6 yiisoft/yii2-dev 6 guzzlehttp/guzzle 6 bagisto/bagisto 6 yourls/yourls 6 in2code/femanager 6 contao/core 6 gleez/cms 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 symfony/security-core 5 ibexa/core 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ezsystems/ezplatform-admin-ui 5 billz/raspap-webgui 5 pear/archive_tar 5 gugoan/economizzer 5 bottelet/flarepoint 5 anchorcms/anchor-cms 5 typo3/cms-install 5 phpseclib/phpseclib 5 oro/platform 5 idno/known 4 wintercms/winter 4 woocommerce/woocommerce 4 typo3/cms-frontend 4 notrinos/notrinos-erp 4 evolutioncms/evolution 4 bytefury/crater 4 codeigniter4/shield 4 typo3/html-sanitizer 4 oro/commerce 4 symfony/security-bundle 4 wp-premium/gravityforms 4 modx/revolution 4 spatie/browsershot 4 bref/bref 4 magento/product-community-edition 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/dolibarr/dolibarr 10 https://github.com/top-think/framework 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/tinymce/tinymce 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/wintercms/winter 6 https://github.com/gleez/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/ibexa/core 5 https://github.com/jbroadway/elefant 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/composer/composer 5 https://github.com/zendframework/zf1 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/phpseclib/phpseclib 5 https://github.com/nukeviet/nukeviet 5 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/brefphp/bref 4 https://github.com/screetsec/VDD 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/kimai/kimai 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/oroinc/crm 3 https://github.com/PrestaShop/productcomments 3 https://github.com/modxcms/revolution 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/facade/ignition 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/pixelfed/pixelfed 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/liufee/feehicms 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2