Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS12cWc3LTh2NngtNTRycc4AAlf3
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05MnBoLXhtOXYtY2czas4AAilA
Magento Broken authentication and session managememt
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yY2czLXc1OTctcmpmds4AAilH
Magento 2 Community Edition Arbitrary File Deletion
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZngtM3Y0Zi1td3ht
Bypass of sitemp access restrictions
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1mMmczLTNjNnEtNDQ3OM4AAmmC
Magento 2 Community Edition Incorrect Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cGdjLXJ2cDktcnF2M84AAhk0
Magento 2 Community Edition Information Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4djktM2pqcS1ydnA0
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1taHhqLTZ2ZjgtbXd2M84AAbZ6
phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00MjZxLTk3NXAtdzVjcs4AAbZv
phpMyAdmin Denial of service (DOS) attack with dbase extension
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-
phpMyAdmin Arbitrary file read vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3
phpMyAdmin Denial of Service (DoS)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5
phpMyAdmin DoS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzdnLW13Y2ctN2o3ds4AAvH2
Moodle Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yODRmLWYyaHctajJneM0WYw
Server-Side Request Forgery vulnerability in concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qM3Y4LXY3N2YtZnZnbc4AAz6D
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS05NDM2LTNnbXAtNGY1M84AA0zw
grav Server-side Template Injection (SSTI) mitigation bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 10 months ago
High
GSA_kwCzR0hTQS05Nnh2LXJtd2otNnA5d84AAz6C
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
Grav File Upload Path Traversal
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS13aHI3LW0zZjgtbXBtOM4AAz6E
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1jeGd3LXI1amctN3h3cc4AAtB6
Code injection in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00eGY5LTRyNDQtODZyY80_iQ
ImpressPages CMS RCE
Ecosystems: packagist
Packages: impresspages/impresspages
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zMmdyLXg3NmctMjY3d84AAxhv
SQL injection in webbuilders-group silverstripe-kapost-bridge
Ecosystems: packagist
Packages: webbuilders-group/silverstripe-kapost-bridge
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmMjMtZjI2Zi1tamo5
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS1yZzhtLTg0amYtOTM2N84AAkni
Incorrect Authorization in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yZ2NwLXh3eGctaHFnM84AAlyr
Dolibarr Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djd2LTZtbW0teGp4bc4AAlC9
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
GSA_kwCzR0hTQS04NGdoLTRtMzYtY2dxeM4AAW4x
Dolibarr SQL injection via type parameter in product/stats/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS05OTg2LTZtNGctMjVmNs4AAW42
Dolibarr SQL injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03OGhqLTk1MnEtOTlyd84AAUaT
Dolibarr error-based SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS05N2p2LTJocDYtM2Zyas4AAUZa
Dolibarr SQL injection vulnerability in user/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzMnctM2NxaC1mNmp4
Weak Password Recovery Mechanism for Forgotten Password
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycndoLTI2MnItcjg1as4AAhdz
Dolibarr ERP and CRM malicious executable loading
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cmYtcTdoOC1qanI3
Authorization Bypass Through User-Controlled Key in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS1wZ3dwLWYzeGgtbTI0Z84AAhqY
Bagisto CSRF Vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNjZ4LXdtMjcteHhwY84AAkZr
Dolibarr Cross-Site Request Forgery Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00MnFtLWMzY2YtOXd2Ms0vxw
Code injection in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cmdwLTNwaDYtMnd3cc03dQ
SQL Injection in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jd2dtLXF3OHYtaHJyZ84AAbdO
Dolibarr ERP and CRM Unsafe File Upload Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS05d3FyLTVqcDQtbWptaM4AAzgy
Dolibarr vulnerable to remote code execution via uppercase manipulation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1od21jLXY2ajYtZ2MycM4AAhVT
Dolibarr Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcXBxLTZ3ODktZjdteM4AA5Zp
Pimcore Host Header Injection in user invitation link
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 3 months ago
High
GSA_kwCzR0hTQS12N2NyLXc1djYtNjY1Oc4AAQVd
October CMS Local File Inclusion
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5bWctNHcyMy00ZnFj
Unauthenticated SQL Injection in Cachet
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNmo0LThyN3Atd3BwM80WNw
BuddyPress privilege escalation via REST API
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcmNqLTZmanctM2g5aM3rsA
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nNmg2LTRmcDYtdzMzd84AAx9f
Moodle vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yNmhoLTVnM3Etd3dnY80zGg
Stored Cross-site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tOTgzLXE3NmctY3dwcc4AAk0g
Gravity Forms plugin leak hashed passwords
Ecosystems: packagist
Packages: wp-premium/gravityforms
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yMzQ1LXg4aHItMnI5cM4AAlIX
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
Ecosystems: packagist
Packages: airesvsg/acf-to-rest-api
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cHE5LWM2N3EtMjNmcc4AAYvw
Fastly Magento2 sensitive information disclosure
Ecosystems: packagist
Packages: fastly/magento2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqNzgtN201OS1yN2d2
Private data exposure via REST API in BuddyPress
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 4 years ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wN3JtLWdoOWctNWZyOM4AAkx_
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
Ecosystems: packagist
Packages: verbb/image-resizer
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nY2dqLXFoOHAtNTdobc4AA5LF
October CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NW02LTJtNzgtNHZyMs4AAhkr
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeGpjLTZ4bWgtaDdtZ84AAmQ0
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzI4LWp3ZjUtZjVyNc4AAhlJ
Magento Reflected cross-site scripting on customer cart page
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzNyLXY4ODgtdmdjNs4AAimA
Magento Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNXEzLXhnNDctNjUzbc4AAjck
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magneto/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yZzdwLXdtZ2otZjM3NM4AAuCM
Magento stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtNjgtODltOC00Z2pq
Composer JavaScript injection possible via html comments
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1tZ2czLXY5NDgtMnZncs4AAjcg
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ydzJ4LTdxZ2otNHg3OM4AAlJ8
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ODl3LTJmOTMtMng2N84AAlKJ
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03MzNxLW0zOHgtcTdjY84AAhQV
Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14M2ZyLXc3cjUteDdyZ84AAhQR
MediaWiki Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01YzZ3LWY0dzItMmdycM4AAQ4F
Mediawiki BotPassword can bypass CentralAuth's account lock
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocjh2LWY0ZzItcDY2Zs4AAQ3X
Mediawiki information disclosure vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14YzdxLXE2MmYtd2N2cs4AAe6Q
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qNTQ1LWZyaDMtcjlncc0jxg
SQL Injection in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13MjY3LW05YzQtODU1Nc0xLw
Shopware user session is not logged out if the password is reset via password recovery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wbTc3LWM0cTctM2Z3as0Wcw
Improper Certificate Validation in Heartland & Global Payments PHP SDK
Ecosystems: packagist
Packages: globalpayments/php-sdk
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aGZwLTl3dmotZ3d2Z80WyA
XML External Entity vulnerability in MODX CMS
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Nm1oLTd4cHItcWNnd84AAQVQ
October CMS - RainLab Blog Plugin XSS
Ecosystems: packagist
Packages: rainlab/blog-plugin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02aHIzLTQ0Z3gtZzZ3aM4AAxks
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG
phpMyAdmin Global variables scope injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy
phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R
phpMyAdmin SQL injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jaGdjLXJxanItNDZnZ84AAxAo
simplesamlphp-module-openidprovider Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openidprovider
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4dzUtajh4ai0yeHdj
Cross-site Scripting in the yoast_seo TYPO3 extension
Ecosystems: packagist
Packages: yoast-seo-for-typo3/yoast_seo
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2Zm0tdjl3di01Nmpm
Cross-site Scripting in OpenCart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1wdzM0LXFmNmMtODRmY84AAVDw
phpMyAdmin XSS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12YzVyLXhmYzQtNHgyMs01hw
Cross-site Scripting in Pimcore Datahub
Ecosystems: packagist
Packages: pimcore/data-hub
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdndmLXczNW0tNnI5Nc4AAXiU
XXE Vulnerability in XMLBundle 0.1.7
Ecosystems: packagist
Packages: desperado/xml-bundle
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
Ecosystems: packagist
Packages: 3f/pygmentize
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zeDN3LXZjangtNzc5Ns4AAra1
Cross-Site Request Forgery in easyii CMS
Ecosystems: packagist
Packages: noumo/easyii
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy
phpMyAdmin Bypass logout timeout
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES
phpMyAdmin full path disclosure vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ybW1mLTV4aGgtZ2cyN84AAbY0
phpMyAdmin path disclosure
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7
phpMyAdmin Local file exposure through symlinks with UploadDir
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05eGhxLXBtN3YtNjkzcM4AAbZM
phpMyAdmin Cryptographic Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2