Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1ycjVjLTY5YzktZ2o5Zs4AA2R6
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01ZnhmLXgyMngtNXEzOM0yfg
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnd3ItNzczcS03ajNj
Path Traversal within joomla/archive zip class
Ecosystems: packagist
Packages: joomla/archive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05amY2LXdxMzQtZmc5d84AAj89
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yamM2LTNmaGotOHE4NM4AA2Xx
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyeGMtbXIydy1janB2
Open Redirect in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02MjJoLWNqZ2ctNW14Ns30Uw
Moodle allows attackers to bypass file-management restrictions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04dzNwLXFoM3gtNmdqcs4AAwSa
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNW01LWo0OGctZnIyNM4AAo2f
Moodle Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNWhxLTZmcmMtNjR2M84AA2bd
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ybWc5LWh2NjktODk3eM4AAhhO
Moodle Ability to delete glossary entries that belong to another glossary
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mcDVtLTRtcWgtODQ5cM4AAilO
Magento 2 Community Edition Insufficient Logging
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12OTl3LWp4cjQtdzZtY84AAilL
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NjU5LWc5cDQtMzU0Zs30MA
Moodle allows attackers to bypass a forced-password-change requirement
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcjgtNnE3ci1tNHdn
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qMnc0LTQ1cW0tcjY3NM4AAiZq
direct_mail for Typo3 sensitive data exposure
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcDRoLWoyMnItdndjds30SA
Moodle allows attackers to obtain sensitive course information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNHgzLXhtanYtcjc3OM4AAitR
Pimcore Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04M2oyLXFoeDItcDdqY84AA2_W
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zbXhxLXY5cnctbTZ4Oc4AAhlR
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMzZqLXJmeDUtd3EzOM4AAvsL
OpenCart SQL injection vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03N212LXA5NGYtcWNxNM4AAhld
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04djc1LThqajgtNzdnZs4AAhks
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS01M202LTQ0cmMtaDJxNc0uRQ
Missing server signature validation in OctoberCMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12eDJnLWY0NXAtajY3NM4AAhkq
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13OHFnLWo5ZnAtaHJqZs4AAcvj
phpMyAdmin Improper Input Validation
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oOXc4LTQzNzYtajM0NM2NFA
Moodle does not properly validate module instance id
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yOTkyLXhwaDYtaDd4Ms0reA
Open redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw
Subrion CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oNTM4LXI5eDYtcmNtY84AAzYj
LavaLite vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05d3FyLTk3ODctcDRyZs4AAtSg
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yM2ZnLTNyODgtNngzZs4AAzRF
Ibexa User Settings are accessible on the front-end for anonymous user
Ecosystems: packagist
Packages: ibexa/user
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01MjVnLXJ2aDQtdjVjOc4AAhlF
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeHAzLW1tdzctODI4Nc4AAhlC
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDlqLTQ0MngtaGpwN80t0g
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tOTg4LTczNzUtN2cyY84AA2Bx
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zNXdmLTN3cTItcjNoeM4AAx9e
Moodle has Incorrect Default Permissions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcTd4LWdtOXItdjhtN830GQ
Moodle allows attackers to obtain sensitive information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1waGhtLTYzeHgtdjlycs4AAbZy
phpMyAdmin Reflected File Download attack
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmhtLWhycjItNnAycc4AAq8b
Cross-site Scripting in Bootstrap-3-Typeahead
Ecosystems: packagist, npm
Packages: bassjobsen/bootstrap-3-typeahead, bootstrap-3-typeahead
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yN2oyLWM4MzgtYzNxZ830Bg
Moodle Arbitrary File Read via XML External Entity vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNndtLW1yODUtNGg5Z84AArjb
Cross site scripting in facturascripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3gtNGd4eC1oNDhm
Users can edit the tags of any discussion
Ecosystems: packagist
Packages: flarum/tags
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3
phpMyAdmin Denial of Service (DoS)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qdnE0LWNnZnctamdmNM4AArgU
Cross site scripting in intelliants/subrion
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnJqLTh3Z2ctbW00M800GA
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djktMmZweC1qNWc5
CSV Injection vulnerability with exported contact lists in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS02cDNnLWh3MjctcWg0NM30bw
Moodle's time-validation implementation allows bypassing intended restrictions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3E4LW00eHctYzY3NM4AAtBx
Hybridsessions does not expire session id on logout
Ecosystems: packagist
Packages: silverstripe/hybridsessions
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS03bWM2LXg5MjUtN3F2eM4AA3k_
Test code in published microsoft-graph-beta package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-beta
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qOWN3LTVjcGotOXFqNc4AAx9i
Moodle has a Hidden Functionality vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cmp2LXh4Z3ItdjU3eM4AAvt6
Froxlor vulnerable to code injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqeGgtNzg5Zi1wN202
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy
phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03bWM0LWpwNGYtdjJqMs4AAw-x
Improper Authorization in grumpydictator/firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs
Drupal sensitive information disclosure
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NzRxLXdmY3AtdmMycc4AAj8n
Moodle Email media URL tokens were not checking for user status
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG
phpMyAdmin Global variables scope injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ydzI2LWdtcW0tbWM1cM4AAhkf
Magento 2 Community Cryptographic Flaw
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a
Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4dzQtdzc3dy1xdjN3
Reflected XSS with parameters in PostComment
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tMnd2LW01cGYtMjg0cs02KA
Cross-site Scripting in teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00MnFtLTh2OG0tbTc4Y84AAzlJ
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xNnZ3LTI3YzYtanY5Y84AArJl
Moodle Persistent Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nMzljLW1jY2Ytcnhqds4AAquv
Moodle Insecure direct object reference (IDOR) in a calendar web service
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNjNoLXE0eDMtNmh3as30oQ
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00and4LTc4dngtZ202Z80ajA
Cross-Site Request Forgery in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nang2LTU4eGgtcDdwd84AAUbH
Bolt Cross-site Scripting (XSS) via text input click preview button
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES
phpMyAdmin full path disclosure vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1najI2LWc1cWYtanJoN80sYA
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12ODgyLTk0OXgtNnYyOM4AATe3
SimpleSAMLphp allows timing side-channel attacks
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP
phpMyAdmin Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMnhmLXAyNzQtZzhjY84AAgZJ
Cross-site Scripting in Jirafeau
Ecosystems: packagist
Packages: mojo42/jirafeau
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xM3A0LXYyY20tcTk0Nc4AAzWk
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycDM0LTg1eDMtMzc2NM0r8A
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04am1qLTRwMzItbWM5cM4AAhK7
infusionsoft-php-sdk reflected Cross-site Scripting
Ecosystems: packagist
Packages: novaksolutions/infusionsoft-php-sdk
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFweHctNjQ3My1wcHd3
Session Fixation in Subrion CMS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaDZ3LXBxNTItcXh4cc4AAxuy
Pixelfed may allow unauthorized actor to view private posts
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tZzVoLXJoanEtNnY4NM4AAvmM
phpMyFAQ vulnerable to reflected Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jajNjLTV4cG0tY3g5NM4AA6dz
Kimai API returns timesheet entries a user should not be authorized to view
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qNjVyLWc3cTItZjh2M84AAzeX
Pimcore customers' list user password hash is disclosed
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jOTYyLWc1MzMtODIzZs4AA4gW
Cross-site Scripting in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qOGN3LXBwbXYtd2o4Nc4AA3v9
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
Ecosystems: packagist
Packages: t3s/content-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zODR3LXdmZnIteDYzcc4AA7v5
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS13OThnLTVmbXgtd200eM4AA3Mk
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Ecosystems: packagist
Packages: pocketmine/raklib
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14YzdxLXE2MmYtd2N2cs4AAe6Q
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2