Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1nN3BjLTc5OXEtNzQzZs4AAlf2
Magento DOM-based Cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Z3A5LWo0OGgtampmOc4AAlfm
Magento observable timing discrepancy vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cWc3LTh2NngtNTRycc4AAlf3
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcjZmLXhtZngtcnJwcc4AAlf1
Magento path traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1meGYzLXd4M2MtNzZwZs4AAleW
Shopware vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01dm1nLXg5OWctMzk2cc4AAld_
Shopware vulnerable to SSRF
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNHBoLW14NjcteDU4cM4AAleY
Shopware database password is leaked to an unauthenticated users
Ecosystems: packagist
Packages: shopware/platform, shopware/shopware, shopware/core
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cWdoLW05dnAtNDh4cM4AAlcr
MunkiReport Software Update module is vulnerable to SQL injection
Ecosystems: packagist
Packages: munkireport/softwareupdate
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OXE0LTVmM2MtY3c2Ms4AAlct
MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: munkireport/munki_facts
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xdnc5LTY1Njctd3E3OM4AAlco
MunkiReport reportdata module SQL injection vulnerability
Ecosystems: packagist
Packages: munkireport/reportdata
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12YzRmLTJnN2YtcG1xcs4AAlc2
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Ecosystems: packagist
Packages: munkireport/munkireport, munkireport/managedinstalls, munkireport/comment
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03OXhyLXY3OTQtd3EzNc4AAlcx
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: munkireport/munkireport, munkireport/managedinstalls
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14YzRwLWo4OWMtcDd4Nc4AAlcF
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zMzdjLTNyY2gtcTM1as4AAlcG
Magento php object injection vulnerability
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNXI2LXZybXgtOWd3as4AAlbR
LibreNMS SQL Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wbXhnLXc5YzctZmZtcc4AAlY3
Microweber Discloses Sensitive Information
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNzd3LTY1NWYtNmozbc4AAlYn
Silverstripe CMS malicious file upload enables script execution
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ODlxLTc1cjMtbWZxNM4AAlYy
Silverstripe has Incorrect Default Permissions
Ecosystems: packagist
Packages: silverstripe/graphql, silverstripe/recipe-cms
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx
Silverstripe CMS information disclosure
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZzQ4LW1wcDgtY2dxY84AAlP3
ke_search for Typo3 XSS Vulnerability
Ecosystems: packagist
Packages: tpwd/ke_search
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2ZtLXY4OTUtM3F4cc4AAlQF
jh_captcha for Typo3 XSS Vulnerability
Ecosystems: packagist
Packages: haffner/jh_captcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01ajR3LXY4N20tOHI2Nc4AAlK_
Magento business logic error vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02dzI5LXg1ajQtcWhyd84AAlK8
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nZmZ4LTlmMzYtcjh3cM4AAlLD
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13N3JoLTl3NXYtcndxas4AAlKh
Magento defense-in-depth security mitigation vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jNTVoLTdxNGotZzZycc4AAlKQ
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jM200LWh4djktNG14as4AAlKP
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qMnI0LTJjcjYtaDNyM84AAlKd
Magento Signature verification bypass
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01NWd2LWhmZzMtaHdqcc4AAlKV
Magento Defense-in-depth security mitigation vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NWg0LTZnY2otNmh3ds4AAlKO
Magento Stored cross-site scripting
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04d203LWgycWgtZmY0Y84AAlKU
Magento authorization bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03MjR4LWdxaHYtOWM1eM4AAlJ-
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cnAzLXdjMjgtcWcyaM4AAlKN
Magento Security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00Zjd4LWdqcWMtcXFwZ84AAlKL
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ODl3LTJmOTMtMng2N84AAlKJ
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ydzJ4LTdxZ2otNHg3OM4AAlJ8
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qMmpwLTU4Z3YtZzJwZ84AAlLP
Magento Security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yMzQ1LXg4aHItMnI5cM4AAlIX
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
Ecosystems: packagist
Packages: airesvsg/acf-to-rest-api
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03cnc1LTZwcjQtZmdoM84AAlHk
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnB4LWpjZ3ctOXg1N84AAlHz
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nM3hmLTg1d2MtNDVncc4AAlHZ
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzk2LTJ4M2gtdjN2NM4AAlGL
Dolibarr reflected cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oeDc5LXg4N2MtaGdtM84AAlGK
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yY21mLTg4cDQtOXdyZ84AAlFm
WooCommerce Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djd2LTZtbW0teGp4bc4AAlC9
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14NmdxLXZyNTktNHE1cc4AAlAa
KumbiaPHP Cross-site Scripting
Ecosystems: packagist
Packages: kumbiaphp/kumbiapp
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXF3LWZoMzgteDM3Zs4AAk5J
OpenCart Cross-site Scripting
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02OXd3LXd2M2otbWhnNM4AAk4A
Comments plugin stored Cross-site Scripting (XSS) via an asset volume name
Ecosystems: packagist
Packages: verbb/comments
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qaGhmLWM4NDktM3JoMs4AAk37
Comments plugin stored Cross-site Scripting via a guest name
Ecosystems: packagist
Packages: verbb/comments
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cjhjLXBqN3gtbTVqeM4AAk3-
Comments plugin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: verbb/comments
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tOTgzLXE3NmctY3dwcc4AAk0g
Gravity Forms plugin leak hashed passwords
Ecosystems: packagist
Packages: wp-premium/gravityforms
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tcWh3LXdxOHAtdmY1cs4AAk0V
MediaWiki Open Redirect vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1td3hoLTZqOXYtNDVwaM4AAkzb
bbPress unauthenticated privilege-escalation
Ecosystems: packagist
Packages: bbpress/bbpress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NGdjLWhmMzMtNTM1M84AAkyp
Fork CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNjlyLTRoNjgteHE3as4AAkyr
Knock Knock plugin Open redirection vulnerability
Ecosystems: packagist
Packages: verbb/knock-knock
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNXF2LXAzNzgtM2hocs4AAkyV
Centreon Sensitive Data Exposure vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13eHZyLXFxbTctNmg2Nc4AAkyU
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Ecosystems: packagist
Packages: verbb/knock-knock
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXhwLXhnaHAtZ3F2cM4AAkyl
bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section
Ecosystems: packagist
Packages: bbpress/bbpress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01djVxLTNtN20tOTdqN84AAkyB
Image Resizer Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: verbb/image-resizer
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wN3JtLWdoOWctNWZyOM4AAkx_
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
Ecosystems: packagist
Packages: verbb/image-resizer
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cjZ2LWc5NnAtY2pjM84AAkvA
Moodle vulnerable to RCE
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mdmY5LTJoanAtdzkzNs4AAkuv
Dolibarr Stored Cross-site Scripting via file upload
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OWZwLWo4djctcDgyaM4AAkuw
Microweber allows Unrestricted File Upload
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mODQ4LXI1ZzYtNmdwZs4AAkul
Dolibarr Stored Cross-site Scripting
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14dmd4LTY2OGotZjY3cM4AAktE
Subrion CMS XSS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jNHd4LTN4NXEtaGY0d84AAktI
Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yM3E3LTU5amotMnBqNM4AAkqf
SEOmatic for CraftCMS allows Server-Side Template Injection
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZzhtLTg0amYtOTM2N84AAkni
Incorrect Authorization in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04M2g2LTIyY3AtZjIyd84AAkla
TeamPass files are available without authentication
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02amY5LThtMzQtOTZ3Nc4AAklT
TeamPass PHP arbitrary file include vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXFxLWh3OW0tNDQ4cc4AAkk1
Subrion CMS PHP Object Injection
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00ZjRoLWpnanAtM3ZmZ84AAkkz
Subrion CMS CSV injection via Export Language
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOTM4LTgyZnctd2ZjZs4AAkZg
Dolibarr stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNjZ4LXdtMjcteHhwY84AAkZr
Dolibarr Cross-Site Request Forgery Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OTJtLTQ1MzMtcnhxOc4AAkYY
SilverStripe Folders migrated from 3.x may be unsafe to upload to
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/userforms, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wZm0yLW1xd2otZ2dtNc4AAkIZ
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ydjYyLTZmNTYtajgzd84AAkF6
Moodle Oauth 2 Insufficiently Protects Against Compromise
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05cjJqLXJnMjQtZnZwas4AAkES
FrozenNode Laravel-Administrator unrestricted file upload
Ecosystems: packagist
Packages: frozennode/administrator
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qd3FwLXdoNWctNGdtbc4AAj_g
CodeIgniter Improper Privilege Management
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M
phpMyAdmin SQL Injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01NHA1LWd4cTYtajk4Z84AAj_C
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F
phpMyAdmin SQL injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R
phpMyAdmin SQL injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04aGMyLWh2cmMteDRxcs4AAj-M
phpBB arbitrary CSS injection
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NzRxLXdmY3AtdmMycc4AAj8n
Moodle Email media URL tokens were not checking for user status
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05amY2LXdxMzQtZmc5d84AAj89
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeGg1LTV2NXYtbWZnbc4AAj8g
Moodle reflected Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tOThxLXE1OXAtcjlmds4AAj8T
Moodle open redirect vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nOGo3LXc2NzMtNG1qcM4AAj7W
Subrion CMS CSRF Vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wbTU3LTkyNmMtMjhtcs4AAj6I
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04N3IzLTRnYzgtZjg5N84AAj6T
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qaDNqLXhmdjItZjltOc4AAj6Q
Dolibarr ERP and CRM SQLi
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZmhmLTJ4cjUtMmZ2d84AAj6U
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ocGoyLTRoZmotZzIzM84AAj0L
Fat-Free Framework arbitrary code execution
Ecosystems: packagist
Packages: bcosca/fatfree
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13ZzI0LTl4bTktNTkzds4AAjz8
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wMjljLWpwZ2otdjU3cs4AAjxW
Froxlor arbitrary code execution via the database configuration options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOXdyLW1qNjktY3Ftds4AAjxa
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1odmdmLTJyZjctd3J4Oc4AAjxY
Froxlor Information Disclosure
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02cTRqLThwam0tNW1nY84AAjvL
SEOmatic for CraftCMS allows Server-Side Template Injection
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2