Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1yNWYyLTR3ZjQtY3Y2Ns4AAiAZ
Cross-site Scripting in LimeSurvey
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xZjJnLW1ycngtcnI1cM4AAo0h
Drupal Core Cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9
Drupal Core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tOGd2LWd2aGYtN3JocM3f0A
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_
Drupal Core Cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mMjN4LTRnZjQtbTlmZs3foQ
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ
Drupal CRLF injection vulnerability in the drupal_set_header function
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Authenticated XML External Entity Processing
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO
Drupal Unprivileged access to config export
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_
Drupal sensitive information disclosure
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU
Drupal cross site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zY2ZnLXJ4aDYtaDJyaM4AApBl
LavaLite Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG
Drupal external link injection vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14aGZ3LXdqamMtNGo1aM4AASoD
Moodle Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14djcyLTZwZ2gtY2pqOM4AAwBO
Moodle stored-XSS vulnerability in some "social" user profile fields
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Z3gyLWc3NzMtaHY5aM4AAwBP
Moodle reflected cross-site scripting vulnerability in policy tool
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zODVmLXZncTctOGhoeM4AAvJX
Moodle No groups filtering in H5P activity attempts report
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01NHIyLXI2N2ctZnI5bc4AAbK9
Moodle User fullname disclosure on user preferences page
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yamg4LXc4amcteHdxNc4AAYE1
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14aGZ4LXJtOHEtYzN4ds4AAnXr
Moodle Vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zMzJnLXhoMzQtNWM5Ns4AAXdN
Moodle Privilege escalation in quiz web services
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12eG12LTc0cmYtdnFncM4AAWtY
Moodle Portfolio forum caller class allows a user to download any file
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NXJ3LTRyMjUtanZnN83ruQ
Moodle Logged in users could view all calendar events
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jOGYyLTVoMjktOGoyaM4AAtVQ
libconnect Extension for Typo3 Vulnerable to XSS
Ecosystems: packagist
Packages: subhh/libconnect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14ang5LTdjMjktcHdtbc4AASnl
Moodle Improper Privilege Management
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mYzZoLTc2OXgtZ2ZmNc4AAqpt
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocHdtLTg0aDUtdnFyOM4AASl8
Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01dzRoLXhycjUtNzI3M84AARPt
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12OXhxLXZoNzItY2hyNM37Xg
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNzM5LWd3NnEtZjRjN807Vw
HTML Injection in Froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1janJmLXhnNzctY2hwd830BQ
Moodle Incorrect sanitation of attributes in forums
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yajI2LWo5NTMtMnJwaM4AAzAz
Stored cross site scripting on saved presets
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yd2dnLWM4eGMtN2dnM83MtQ
TYPO3 Backend Discloses Encryption Key
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3hxLTVxcWMtdjNmY84AAfKp
TYPO3 Open redirect vulnerability in the Access tracking mechanism
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04MzhjLXY1Y3EtaHAzM84AAcSK
TYPO3 OpenID extension Open redirect vulnerability
Ecosystems: packagist
Packages: friendsoftypo3/openid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcnBnLTJtbTItampxZs3hdA
PrestaShop Stored Cross-Site Scripting Vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOWpnLTl3ODctNnJnNM4AAeik
TYPO3 Improper Access Management in the File Abstraction Layer
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjZyLTZ4bTktd3cyMs4AAUL8
Yii Incorrectly Implements CORS
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3
Cross-site scripting from dynamic options in the multiselect field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xeGgzLWpndmgteDU1as4AA0OT
Connect-CMS Privilege Escalation Vulnerability
Ecosystems: packagist
Packages: opensource-workshop/connect-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qcTRwLW1xMzMtdzM3Nc0nOQ
Cross-site Scripting when rendering error messages in laminas-form
Ecosystems: packagist
Packages: laminas/laminas-form
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NDY1LXIyaGctdjRyas4AAewC
CiviCRM SQL injection vulnerability via Quick Search API
Ecosystems: packagist
Packages: civicrm/civicrm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14YzdxLXE2MmYtd2N2cs4AAe6Q
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05N2NwLTg4NzMtdjJnZs4AAx55
Pimcore vulnerable to Cross Site Scripting in Documents Link Editable
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Z2g0LXYyY2gtcGN4NM4AAfH_
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Zmo4LXdoM2ctcXZxMs4AAez-
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNjc0LW1jOXAtaHZ3Nc4AAe0A
TYPO3 Improper Access Control vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qMzNtLTI1MzctODZqbc1AyA
PrestaShop XSS Vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oYzRqLTdtcWctY3hqas4AAv5R
PHPServerMon PRNG has Insufficient Entropy
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Z3FqLXBwdjItZjJocc4AAdhH
Cross-site Scripting in SmartyException
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d3JtLTg5NDctNG02Y84AAe25
Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05dzhmLTd3Z3ItMmg3Z80Yzw
kimai2 is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cG02LWg1M20teDJ4Zs4AAe3O
Drupal improper access restrictions
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yODdyLTU3NHgtZjRoNM0oGg
RosarioSIS XSS Vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oZjR4LTZoODctaG03Oc4AAxyU
MantisBT may expose private issues' summaries to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wdzRqLXI2OW0tcnJyNc4AAt-D
ForkCMS XSS via `end_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13M3Y2LXI2MnItZnZxaM4AAfib
Typo3 API XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03amZtLXB4NTktOTl3OM4AAfiS
Typo3 Extbase Framework Unsafe Deserialization
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjU4LWozMjMtNjQ3Ms4AA21F
pimcore/admin-ui-classic-bundle Unverified Password Change
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00ODQ5LXgzangtNDVxcs4AAu07
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zOW0zLWNqOGMtODg2cs4AA2Kn
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xY2pnLWh2ZzYtaHhjcM4AA2Ju
phpMyFAQ allows unrestricted file types in image field
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wZmo3LXczNzMtZ3FjaM0WwQ
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2ZtLXY4OTUtM3F4cc4AAlQF
jh_captcha for Typo3 XSS Vulnerability
Ecosystems: packagist
Packages: haffner/jh_captcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wMnZ3LWY4N2MtcTU5N81BtQ
Improper Access Control in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zMjV2LWc1dngtd2h4Y84AAujP
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05YzZ3LTU1Y3AtNXcyNc4AAu1S
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy
Cross-Site Request Forgery in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ncXFmLWc1cjctODR2Zs4AAuzy
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03NnI3LWg0NnctNDYzcs4AAxps
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03djQ0LTc1amYtMjJnas4AAh3D
Kimai v2 is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aGdjLXdwYzUtdjhwOc1RPw
An attacker can execute malicious javascript in Live Helper Chat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cWc3LTh2NngtNTRycc4AAlf3
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Z3A5LWo0OGgtampmOc4AAlfm
Magento observable timing discrepancy vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tbTc5LWpocW0tOWo1NM4AA3Hu
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jOGhqLXcyMzktNWd2Zs4AA3MK
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1neHhqLXg0MjYteGoyd84AAxkS
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13anJqLWpjM3ctcHBmd84AAxkP
Code Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zcXJxLXI2ODgtdnZoNM1Bkg
Multiple valid tokens for password reset in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wZnJjLTVoaHEtNmh2cs4AASxS
Showdoc Unauthenticated Access
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jMzhwLXZ3NmotcWpwcs4AAxkT
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nM201LXZ2ajcteHJ3ds4AAWuY
Joomla! XSS Vulnerability
Ecosystems: packagist
Packages: joomla/joomla-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMjYzLWp3Z20td3Y5N84AAVTn
Showdoc XSS Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NXFnLWY3N2otY2NjZs4AAWkh
Yii2-StateMachine extension for Yii2 XSS Vulnerability
Ecosystems: packagist
Packages: ptheofan/yii2-statemachine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjJmLWNyeGctY3Bmds4AAXRZ
Tiki Wiki CMS XSS Vulnerability
Ecosystems: packagist
Packages: tikiwiki/tiki-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yanZjLW1mN3ItY2g3cs4AAuXP
Cross site scripting in yetiforce/yetiforce-crm
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02NXdmLXFtOTUtNm1obc4AAt-O
ForkCMS XSS via `publish_on_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,811 pypi 3,712 npm 3,543 go 1,896 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 simplesamlphp/simplesamlphp 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 ezsystems/ezpublish-kernel 14 smarty/smarty 14 impresscms/impresscms 13 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 october/system 13 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 phpmyfaq/phpmyfaq 12 feehi/feehicms 11 feehi/cms 11 zendframework/zendframework 11 silverstripe/cms 11 sylius/sylius 10 wwbn/avideo 10 admidio/admidio 10 opencart/opencart 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 wallabag/wallabag 10 laravel/framework 10 ezsystems/ezplatform-kernel 10 pagekit/pagekit 10 tinymce 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 concrete5/core 9 TinyMCE 9 alextselegidis/easyappointments 9 october/october 9 kevinpapst/kimai2 9 tinymce/tinymce 9 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 croogo/croogo 8 symfony/http-foundation 7 wpglobus/wpglobus 7 silverstripe/graphql 7 flarum/core 7 statamic/cms 7 silverstripe/admin 7 pterodactyl/panel 7 october/backend 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 dweeves/magmi 6 yiisoft/yii2-dev 6 guzzlehttp/guzzle 6 bagisto/bagisto 6 yourls/yourls 6 in2code/femanager 6 contao/core 6 gleez/cms 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 symfony/security-core 5 ibexa/core 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ezsystems/ezplatform-admin-ui 5 billz/raspap-webgui 5 pear/archive_tar 5 gugoan/economizzer 5 bottelet/flarepoint 5 anchorcms/anchor-cms 5 typo3/cms-install 5 phpseclib/phpseclib 5 oro/platform 5 idno/known 4 wintercms/winter 4 woocommerce/woocommerce 4 typo3/cms-frontend 4 notrinos/notrinos-erp 4 evolutioncms/evolution 4 bytefury/crater 4 codeigniter4/shield 4 typo3/html-sanitizer 4 oro/commerce 4 symfony/security-bundle 4 wp-premium/gravityforms 4 modx/revolution 4 spatie/browsershot 4 bref/bref 4 magento/product-community-edition 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/dolibarr/dolibarr 10 https://github.com/top-think/framework 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/tinymce/tinymce 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/wintercms/winter 6 https://github.com/gleez/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/ibexa/core 5 https://github.com/jbroadway/elefant 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/composer/composer 5 https://github.com/zendframework/zf1 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/phpseclib/phpseclib 5 https://github.com/nukeviet/nukeviet 5 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/brefphp/bref 4 https://github.com/screetsec/VDD 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/kimai/kimai 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/oroinc/crm 3 https://github.com/PrestaShop/productcomments 3 https://github.com/modxcms/revolution 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/facade/ignition 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/pixelfed/pixelfed 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/liufee/feehicms 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2