Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02aGpjLW0zOGgtN2poaM4AArgg
Cross-site Scripting in SEOmatic plugin
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cDkyLWZ2NnYtZmhmas0vMA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05N3FmLXBxN3gtOTY0bc4AAxt9
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ncm1qLWdwd20tOTh3d84AAxt7
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qY2djLXZ4cWctODV4eM3swQ
Sensitive Data Exposure in elFinder
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: swiftmailer/swiftmailer, friendsofsymfony1/swiftmailer, friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05N3c5LWdjYzctdnI4Z84AAv5O
Insufficient Entropy in PHPServerMon PRNG
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14cDhwLTlycTUtNHdnds4AAcYZ
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zendxml, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWY1LXEzNHYtdnd2cM4AAv6h
Cross-site Scripting in Zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1
ProcessWire vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14M20yLTNwd2otOGZqNM4AA0Bx
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13cjc0LTJ2NjYtNTdwcM4AAvmN
phpMyFAQ vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tcmMyLWg3cTItcHA5N84AAhVY
Firefly III vulnerable to reflected cross-site scripting
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yd21qLThtcWctcjlxOM4AAx9m
Moodle has Incorrect Default Permissions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndjhmLTQzcGctYzVxd84AAx9j
Moodle Improper Input Validation vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xY2g0LWptZjgteHZwN84AAv9Z
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zbW1oLXZxOXctNGMzZ84AAwdo
Microweber vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00M3FxLXF3NHgtMjhmOM4AAvar
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN
Moodle vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00OW12LXZmY3AtOGdnOc4AA0AP
Moodle vulnerable to SQL Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yMmdqLThxajItZmo0Ns4AAzEK
Moodle External Control of File Name or Path vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcjZmLXhtZngtcnJwcc4AAlf1
Magento path traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12ajVwLWZwNDItNzc0cM4AAyQ1
Moodle may display roles to users who don't have access to them
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qODVmLXh3OXgtZmZ3cM0cvw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcmYtdjlxbS05Yzg5
Cross-site Scripting in the femanager TYPO3 extension
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZjQ1LTlxcnctcHA0ds4AAyQt
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2aDUtcDZyNi1nMnFj
Exposed phpinfo() leadked via documentation files
Ecosystems: packagist
Packages: phpfastcache/phpfastcache
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcmptLTJmajItNzg3Zs4AAyQo
Moodle may allow teachers to access the names of users they could not otherwise access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yNjR3LWd3OWctZmhnas4AAv9b
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bXFxLTdnMjUtcjR3eM4AAvIZ
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NDUzLWcyOTUtMjRtaM4AAs5Q
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13M3hnLTdxNm0tM3h3cM3kQg
Improper Access Control in wp-graphql
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14d2o3LTI5ajctcnc3Ns4AAs5R
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02cTlnLTN2ZnEtcTJxas1RMw
Improper Authentication in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nZjM0LWhoNXItZjc0aM4AAxkK
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h
Microweber Cross-site Scripting can result in redirection to a malicious site
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13eHZmLTgzOWYtanFtaM4AAu32
Craft CMS Cross site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oamhwLWh3ZmotaHdmM80ZNQ
Cross Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjdnLThxM3gtanB4Oc4AAs5A
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcDljLXBoeHgtNTV4bc4AAwPH
phpMyFAQ vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02bTI3LTNyOHEtYzdmN84AAily
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03cGZjLWN4M20tdjIyeM3X5Q
SCart is vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: s-cart/s-cart, s-cart/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yN3A2LWZyM3gtcjg3N84AAfus
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcXg4LXYzM3AtNHFjY80rtQ
Cross-site Scripting in enshrined/svg-sanitize
Ecosystems: packagist
Packages: enshrined/svg-sanitize
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajZtLTI0NmgtOXc1Ns0vhQ
Improper regex in htaccess file
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocHg0LXhqcDctbTR2cs1A3A
Stored cross-site scripting in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02MzQ2LTVyNGgtZmY1eM3f0Q
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3gyLTdoOHItanE0bc4AAuav
Kirby CMS 2.5.12 Cross-site Request Forgery
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oM3cyLXFnMnItYzdtZs4AAubL
Kirby CMS 2.5.12 Cross-site Scripting
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xdmh2LXB3d3ctNTNqas4AAjbG
Typo3 Cross-Site Scripting in Flash component (ELTS)
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12aHFyLTNncjItN3B4Oc4AAU4H
Subrion CMS Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHdxLWg3cjktNncyN80Xuw
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oODNoLTc3eDItNnc2Z84AAy7Y
Information exposure in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yZmYyLXZxbTMtanB2Nc4AAuiW
snipe-it vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05eGdwLTNteHAtcnY3eM4AAugs
Froxlor vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oMjJxLWcyYzctMmp3as2lHg
Joomla! vulnerable to CRLF injection
Ecosystems: packagist
Packages: joomla/application
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNmg4LXFqamMtajhjZ84AAuh-
Pagekit CMS cross-site scripting in Markdown text box where articles are edited
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNWpoLXE2bXAtOWM4cM4AAegd
ImpressCMS Cross-site scripting Vulnerability
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cjRmLWpydnctaDcyN84AAuzP
Feehi CMS host header injection vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1jY2ptLXJnbTUtcmpqaM4AAhls
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXF3LWZoMzgteDM3Zs4AAk5J
OpenCart Cross-site Scripting
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00d2ZjLWdodjUtMnY3as4AAyeo
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qdjY0LTJtM3gtNnY0cc1RHw
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13MzkyLTY4cmctcGdnNM4AAhlc
Magento 2 Community Edition CSRF vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcnZyLWdtcXYtaGdyaM4AAvxg
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wODg1LXBydjMtbTR4ds08xg
Cross-site Scripting in snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qd3ZmLTI4ZmctZzR4Z84AAtcS
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0M3EtZzlqMy1xZjZy
non-admin users can create integration role with administrator role
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02cjZoLXZoZzctNTN4N84AAoKy
Cross Site Scripting (XSS) in LavaLite 5.8.0
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxM3ItandycS14ZzZ3
Canceling of orders not related to the logged-in user
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14OXhqLXBxbXYtOGpmN84AAzAB
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00bTJnLTY2OHYtandqeM4AAuGj
Cross site scripting in getkirby/starterkit
Ecosystems: packagist
Packages: getkirby/starterkit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zdzk2LXA2dmgtYzI5OM4AAxni
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05dzdoLTN3d2gtNm01cc0_yw
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNTh2LWczcTYtcTlmeM0Wqw
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ODNtLXJnaGgtZnJ4as4AAuYe
Cross site scripting in yetiforce/yetiforce-crm
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zeDN3LXZjangtNzc5Ns4AAra1
Cross-Site Request Forgery in easyii CMS
Ecosystems: packagist
Packages: noumo/easyii
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03bTlyLXJxOWotd21taM4AAw1h
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMzZqLXJmeDUtd3EzOM4AAvsL
OpenCart SQL injection vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oOXc4LTQzNzYtajM0NM2NFA
Moodle does not properly validate module instance id
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNTN2LXFtcngtOTNoZ80hAQ
Open redirect in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmhtLWhycjItNnAycc4AAq8b
Cross-site Scripting in Bootstrap-3-Typeahead
Ecosystems: packagist, npm
Packages: bassjobsen/bootstrap-3-typeahead, bootstrap-3-typeahead
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnJqLTh3Z2ctbW00M800GA
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cWNjLXdoZ3AtcGpqMs0wag
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMnd2LW01cGYtMjg0cs02KA
Cross-site Scripting in teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05NDhmLWo0NjQtcmZqMs4AAyRz
Moodle may allow students to bypass sequential navigation during a quiz attempt
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14djVmLTI5OTctcWhycc4AAbrG
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yMnJxLTNoNTYtZnFtNM4AATu7
Symfony DoS
Ecosystems: packagist
Packages: symfony/http-foundation, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mMmpoLW1mMmMtODI3OM4AAx0h
Pimcore vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNm1wLTU2MngtZ2d2ds4AAtGX
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2