Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS05dzdoLTN3d2gtNm01cc0_yw
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01and2LW04aDMtNjljZ84AA2Jw
phpMyFaq Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nbWgzLXg1dzctamc1bc4AAtKq
Microweber before v1.2.20 vulnerable to cross-site scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xYzQzLXBnd3EtM3Eycc4AAu16
Shopware access control list bypassed via crafted specific URLs
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zdzk2LXA2dmgtYzI5OM4AAxni
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1neDRyLWZ2d2ctODY3OM4AAzos
Admidio vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00N3d3LW1xMzItZzR4d84AAe0B
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cGhyLTYzN2ctcHhyZ84AA3P2
LibreNMS Cross-site Scripting at Device groups Deletion feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03dnhjLWNocWotaDgzZ80eiw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwdzUtZ3J4eC12Mzk2
CSRF token exposure in TYPO3 extension
Ecosystems: packagist
Packages: lms/routes
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yY2pmLXc3YzQtZmhmNs0qIQ
Cross-site Scripting in Beanstalk console
Ecosystems: packagist
Packages: ptrofimov/beanstalk_console
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02eGozLWZocmYtcmpnY81Bgw
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00djM3LTI0Z20taDU1NM0vgg
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNGhqLXY4Zm0teDg4N84AA1CJ
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02d3JoLTI3OWotNmh2d80xMQ
HTTP caching is marking private HTTP headers as public in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NmczLWY5cjgteGo0ds4AAzpL
Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xNXEzLXFtMjYtOWp3bc4AA3-T
Authenticated Blind SSRF in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mMjN4LTRnZjQtbTlmZs3foQ
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN
Symfony vulnerable to Session Fixation of CSRF tokens
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12ZjdxLWcycHYtanh2eM4AAyO9
Pimcore vulnerable to improper quoting of filters in Custom Reports
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNTh2LWczcTYtcTlmeM0Wqw
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NnYtZnZ2eC00OTMy
Arbitrary File Deletion vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1mcXg4LXYzM3AtNHFjY80rtQ
Cross-site Scripting in enshrined/svg-sanitize
Ecosystems: packagist
Packages: enshrined/svg-sanitize
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14ajR2LWdwNHEtaDZxcc4AAnt5
qcubed reflected cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: qcubed/qcubed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ZjQ1LTlxcnctcHA0ds4AAyQt
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs
Drupal cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12Y3ByLWhtMm0tZ2pqas4AAzA3
Reflected cross site scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Y21tLTUyY3YtNmh2Y84AAwgb
Microweber vulnerable to Stored Cross-Site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Nm1oLTd4cHItcWNnd84AAQVQ
October CMS - RainLab Blog Plugin XSS
Ecosystems: packagist
Packages: rainlab/blog-plugin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzNyLXY4ODgtdmdjNs4AAimA
Magento Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NzQtang3bS14Nmh2
XSS vulnerability in theme config file in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mdzg0LXhnbTgtOWptds4AAy-7
Open redirect vulnerability on CMSSecurity relogin screen
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nY3Y2LTJ2OWMtcmo0OM4AAh9v
Cosenary Instagram-PHP-API contains reflected XSS vulnerability
Ecosystems: packagist
Packages: cosenary/instagram
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zOGg2LWdtcjItajR3eM4AAyg7
Silverstripe Form Capture vulnerable to stored cross-site-scripting
Ecosystems: packagist
Packages: andrewhaine/silverstripe-form-capture, bigfork/silverstripe-form-capture
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NzYyLTQ3dmgtajdxM84AAnVM
Feehi CMS vulnerable to Cross-site Scripting in Username Field
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNzItcDJ3bS02NzM4
Persistent XSS vulnerability in filename of attached file in PrivateBin
Ecosystems: packagist
Packages: privatebin/privatebin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS14YzRwLWo4OWMtcDd4Nc4AAlcF
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NDdqLXJ3OWgtNm00N84AAWS6
Pagekit open redirect vulnerability
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcmhxLXg3eGgtMjc4NM4AAmIX
Froala WYSIWYG Editor XSS Vulnerability
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05N2ZwLTVtODctcjltZs4AAhSf
Dolibarr Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01MjI5LTk0cDMtN3d3cc4AAujV
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tMzk2LTJ4M2gtdjN2NM4AAlGL
Dolibarr reflected cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZmNnLTJxZ3ItdjI0M84AAtly
Microweber before 1.2.21 vulnerable to reflected XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xY3JqLTZmZmMtdjdocc4AAx7K
Craft CMS Stored Cross-site Scripting Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03N2NxLXdncGYtZzQ0Oc4AAUzp
Coaster CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: web-feet/coastercms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00aGYzLTIyOXctNmg4cs4AAja4
Dolibarr cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02aHYzLTlmcXgtOHBnNc4AAxPm
CImage Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: mos/cimage
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qeGpjLTZ4bWgtaDdtZ84AAmQ0
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mdjdtLXdjM3Ytd3Izd84AATe6
SimpleSAMLphp XSS Vulnerability
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN
Moodle vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1xM3IyLTIzcjgtd3FyOc4AAxz6
frp_form_answers allows Cross-site Scripting
Ecosystems: packagist
Packages: frappant/frp-form-answers
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2YzUtdjdody1oNWgy
Cross-site Scripting in RosarioSIS
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wMmZtLThyaGotNThmcs4AAWz6
Dolibarr Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNGZoLWdwdmgtNzUzZ84AARuN
Yab Quarx persistent cross-site scripting vulnerability
Ecosystems: packagist
Packages: yab/quarx
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zbW1oLXZxOXctNGMzZ84AAwdo
Microweber vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1ydmpwLWo1ajQtYzlqNc4AA1P9
Gila CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04dzN4LXI2eDctYzVyNc0ayw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13cGZwLXE4NDMtdjc3Ms0XzA
Cross-site Scripting in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tajlyLWZwdjMtcmdmeM4AAy6p
Shopware vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xYzJwLTZxcmYtMjVqMs4AAq22
laracom Cross-site Scripting
Ecosystems: packagist
Packages: jsdecena/laracom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00YzV3LXFxZmctZ3JmM831xg
Symphony CMS XSS Vulnerabilities
Ecosystems: packagist
Packages: symphonycms/symphony-2
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02Z3J2LWh3OGctNGdmbc4AAg0f
PrestaShop Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNjZoLWNjOTYtYzMycc0WYg
Cross-site Scripting in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOXhyLThjeDctNTNwas4AAw_R
phpMyFAQ Reflected Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14dnZ2LXdqN2otcjlqbc0fYg
Cross-site Scripting in Netgen Tags Bundle
Ecosystems: packagist
Packages: netgen/tagsbundle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0
ProcessWire vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyYzUtaHgzdi0yamc3
Sanitizer bypass in svg-sanitizer
Ecosystems: packagist
Packages: enshrined/svg-sanitize
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS1yd3FxLXA0cDktNXdwcc0dDg
Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.
Ecosystems: packagist
Packages: gaoming13/wechat-php-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xNnY0LXhqcDItOGdnds3yJg
Securimage HTML Injection
Ecosystems: packagist
Packages: dapphp/securimage
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ2M1LTNoM3AtOHZwZs4AAUa8
Dolibarr reflected cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY
phpMyAdmin XSS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12Y3djLTZtcjktOG03Y80l9A
Cross-site Scripting in phpmyadmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yM3I1LWZxZm0tOXdyaM4AAUCh
Dolibarr Stored Cross-site Scripting in expensereport/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNjlyLTRoNjgteHE3as4AAkyr
Knock Knock plugin Open redirection vulnerability
Ecosystems: packagist
Packages: verbb/knock-knock
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00N202LTQ2bWotcDIzNc4AAu1r
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mMmc1LTQyNmYtMzUzcc4AArc_
Cross-site Scripting in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13OTY5LXBxNngtMjY3as3zeQ
INTER-Mediator Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: inter-mediator/inter-mediator
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cXhoLWhjcjktMjM3Oc4AAq04
Shopware Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4bWotcHc1Ny00dm0y
Cross-site scripting in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS02ajRqLTIycWctOWZmbc4AApVz
NukeViet Cross-site Scripting via the editor in the News module
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yY2c5LWhyaHgtNnE2Oc4AAyMM
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ocXY5LTZqcXctOWc4bc4AA0pt
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qOG14LXgzMnItNXJmNM4AAbYu
phpMyAdmin XSS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yOHZoLWNtOWYtcmMyOc4AAbxF
Magmi XSS Vulnerability
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1md2h2LTlwaGotd3JqNc4AAyjA
Uvdesk vulnerable to stored cross-site scripting (XSS)
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cjlnLXc0OHEtOGp3bc4AAviu
HyperDown vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: joyqi/hyper-down
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA
phpMyAdmin Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXE4LTd4MjItNXg3N84AA10m
Cecil Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cecil/cecil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05M2dqLXJnOTgtaDdtbc4AAbO0
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncm1qLWdwd20tOTh3d84AAxt7
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj
phpMyAdmin Cross-site Scripting (XSS) in the import dialog
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2