Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmNHctZmc3ci01djk0
Improper Certificate Validation in phpseclib
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 5 months ago
High
GSA_kwCzR0hTQS13ajdxLWdqZzgtM2Nwbc4AA0Xq
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
Ecosystems: packagist
Packages: league/oauth2-server
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yMnB2LTd2OWotaHF4cM3grg
Symfony Host Header Injection vulnerability in the HttpFoundation component
Ecosystems: packagist
Packages: symfony/http-foundation, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qang1LWZxNWctOHhwY84AAdU8
Symfony Cryptographic Vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3bXItd2M3OS1tOGoz
PHPMailer untrusted code may be run from an overridden address validator
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNDQtcjI1eC13bTRx
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yYzh4LWpycmMtZnJmds4AAbh8
Laravel does not properly constrain the host portion of a password-reset URL
Ecosystems: packagist
Packages: laravel/framework, illuminate/auth, laravel/laravel
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NmhmLTJwNnctanFmd80Zdg
Laravel Framework XSS in Blade templating engine
Ecosystems: packagist
Packages: illuminate/view, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1nMzc3LXg4cmctYzltZs4AAtCY
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03NWZtLTUybW0tcTVybc4AAUy_
ThinkPHP SQL injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03OHE5LTI0Z3YtZzI4OM4AAUsf
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12Y203LTg4angtM3IzOc4AAU7K
ThinkPHP SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03eGZqLTRqcGctNTh2Zs4AAUsi
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zM2djLTZjdzktdzNnNM0ZXg
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qN2c4LTNxcWctOGN2bc4AAUrm
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14dmhyLTdxNHEtcWpncM4AAW36
thinkphp SQL Injection via the index.php s parameter
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNHFyLXZxMmctMjJ3cM4AAwkn
ThinkPHP Framework vulnerable to remote code execution
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nd3dxLTU0cXAtOXBncM4AAbgi
Zend Framework CSRF Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyZnItNjV2cC1teHcz
Deserialization of untrusted data in Symfony
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, symfony/symfony, symfony/phpunit-bridge, symfony/cache
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS0yamptLTZ3aHgtcDh3NM4AAYGH
filp whoops Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: filp/whoops
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04Z2ZxLWM1NG0tM3JmNs3_HQ
Yii Framework reflected Cross-site Scripting
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yeDNyLTdqZ20tZ2g4eM4AAy--
Remote code execution in Voyager
Ecosystems: packagist
Packages: tcg/voyager
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO
Symfony storing cookie headers in HttpCache
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yMnJxLTNoNTYtZnFtNM4AATu7
Symfony DoS
Ecosystems: packagist
Packages: symfony/http-foundation, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13dnI0LXc2Y3ctNHB4OM4AAige
Craft CMS possibility of brute force attempts
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyajctNmh4bS04N3Az
Craft CMS Remote Code Injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jNDlyLThnajYtNzY4cs4AAT5H
Symfony Directory Traversal
Ecosystems: packagist
Packages: symfony/symfony, symfony/intl
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnY3LWo1Z3Etd2NxNM4AAYbS
Laravel Sensitive Data Exposure
Ecosystems: packagist
Packages: illuminate/auth, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zY3djLW03YzItcXI4Ns4AAUM2
mPDF Unsafe Deserialization
Ecosystems: packagist
Packages: mpdf/mpdf
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0bTktNWhwZi1oeDcy
Firewall configured with unanimous strategy was not actually unanimous in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http, symfony/security
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS05bTQ5LXZod3YtNDIyZ84AAXdy
Smarty PHP code injection
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02ZnJ4LTJyNXctYzUyNM0_IA
Smarty3 Arbitrary PHP Code Execution
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNycGYtNXJxdi02ODlx
PHP Code Injection by malicious function name in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 3 years ago
High
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NTZxLWg0dnItcGdoMs4AAV_g
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjaHgtbWZyYy1md3Fy
Improper authentication in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: about 4 years ago
High
GSA_kwCzR0hTQS13aGd2LThjZzMtN2hjbc4AAdU9
Symphony Denial of Service Via Overlong Usernames
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xeDc2LWM1M2YtNWM3cc4AAUX9
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: league/commonmark
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2NDMtODc3eC1xZ21x
Moderate severity vulnerability that affects league/commonmark
Ecosystems: packagist
Packages: league/commonmark
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS00cm1yLWMyangtdngyN80l0A
Mustache remote code injection vulnerability
Ecosystems: packagist
Packages: mustache/mustache
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mcnFmLTlxcjQtNnZ4Zs4AAc9G
Drupal Saving user accounts can sometimes grant the user all roles
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ycGNqLTc2aGoteHFobc4AAb2x
CodeIgniter arbitrary code execution
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNm04LTZncTgtYzlmas4AAzbB
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1ncTZ3LXE2d2gtamdnY84AAyLG
PHAR deserialization allowing remote code execution
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS02eDI4LTdoOGMtY2h4NM4AAvDp
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zcTc2LWpxNm0tNTczcM4AA0fJ
Archive_Tar contains Potential RCE if filename starts with phar://
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yNzd3LXFweHItMjU0Oc4AAc12
MediaElement Vulnerable to Reflected XSS
Ecosystems: packagist, npm
Packages: contao/core, contao-components/mediaelement, mediaelement
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jN2Z2LXd2OWYtY2dqd84AAjJY
php-shellcommand command injection vulnerability
Ecosystems: packagist
Packages: mikehaertl/php-shellcommand
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12Y2dnLWhwNHItODdneM4AATl9
Contao Does Not Invalidate Existing Sessions When Password Changes
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qOTlnLXFqdngtOTk1Z83uwg
Contao Does Not Expire Tokens Correctly
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13MzhnLWhqNDUtbWpqcM4AAgjW
Contao SQL injection in the backend and listing module
Ecosystems: packagist
Packages: contao/listing-bundle, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cTU5LXg2bXEtNHdnd84AAhOk
Contao SQL injection in the file manager
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3aHgtZnF4dy1ydnZq
Insufficient output escaping of attachment names in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1ycjhoLWY5N3EtOHA5Y84AAv_j
Blind SQL Injection via GridFieldSortableHeader
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xZ3B2LTg2cjMtODdmaM028A
Cross-site Scripting in Parsedown
Ecosystems: packagist
Packages: erusev/parsedown
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS02dzR2LXFyNG0tOTdnZ80ucg
Multi-Factor Authentication issue in Laravel Fortify
Ecosystems: packagist
Packages: laravel/fortify
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dnItM203NC1qd3hw
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS04NmhwLXhyaGotZmhwcc4AAq1y
Typo3 Vulnerable to Insecure Deserialization
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yY2djLTR4ZmMtNTY0ds4AAi_c
TYPO3 Insecure Deserialization in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3ajktNDM0eC05aHZw
Insecure Deserialization in Backend User Settings in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw
Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNGY4LWY5M3gtNXFoM84AAxfl
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NnA2LTdwMjktNTVwOc4AAVWh
Symfony Host Header Injection
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14djNoLTQ4NDQtOWgzNs4AAy8-
HTTP Multiline Header Termination
Ecosystems: packagist
Packages: laminas/laminas-diactoros
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14anA0LTZ3NzUtcXJqN80vgQ
Remote CLI Command Execution Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyeGgtaDZoOS1xcnFj
Class destructors causing side-effects when being unserialized in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxanEtNjl3Ni1mZzU3
XSS vulnerability with translator
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01OWZoLXJqcTMteHE3as4AAwLl
Thinkphp has a code logic error
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS03NWpwLTg3dzItYzZ4Ms0qWQ
ThinkPHP Remote Code Execution (RCE) vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14NGp4LWhqd2YtZ2M5Oc05Yw
elFinder Unrestricted File Upload vulnerability
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cDk2LXZmcmMtZnYzMs06dQ
RCE in Studio-42 elFinder on Windows before 2.1.61
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00MjIzLXFqOTQtN3g5cM4AAQMh
elFinder command injection vulnerability in the PHP connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwaDMtNDRyai05MnBy
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3Z20tZjgzci12M3Fq
Improper Certificate Validation in WP-CLI framework
Ecosystems: packagist
Packages: wp-cli/wp-cli
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yeGhnLXcyZzUtdzk1eM0YGA
CSV Injection in symfony/serializer
Ecosystems: packagist
Packages: symfony/symfony, symfony/serializer
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yMzQyLXZqYzQtd3Jtas3_CA
Craft CMS PHP Code Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS01Y2pyLTc4Y3EtM3dyZ83kIg
Improper account password reset in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mang1LXhtN3Etd2h2as4AAzTe
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 12 months ago
High
GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6
Drupal arbitrary code execution
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL
Drupal access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk
Drupal Comment reply form allows access to restricted content
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD
Drupal Remote code execution
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM
Drupal saving user accounts can sometimes grant the user all roles
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp
Drupal File upload access bypass and denial of service
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2