Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1jcXFoLTk0cjYtd2pyZ84AAV2m
Symfony SSRF Vulnerability via Form Component
Ecosystems: packagist
Packages: symfony/symfony, symfony/form
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNzd3LTY1NWYtNmozbc4AAlYn
Silverstripe CMS malicious file upload enables script execution
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmY2YtbTY3bS1qY3Jx
Authentication granted to all firewalls instead of just one
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXA5N3ctdmNxcs0YFw
Cookie persistence after password changes in symfony/security-bundle
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS02MzR4LXBjM3EtY2Y0Y84AArNC
PHP Code Injection by malicious block or filename in Smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1xN3J2LTZocDMtdmg5Ns01tQ
Improper Input Validation in guzzlehttp/psr7
Ecosystems: packagist
Packages: guzzlehttp/psr7
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13eG1oLTY1ZjctamN2d84AAy3w
Improper header name validation in guzzlehttp/psr7
Ecosystems: packagist
Packages: guzzlehttp/psr7
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yODUzLWhmMmctOTg0M84AAWTf
PHPOffice Common Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: phpoffice/common
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 2 months ago
High
GSA_kwCzR0hTQS1qd3FwLXdoNWctNGdtbc4AAj_g
CodeIgniter Improper Privilege Management
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThndjMtM2o3Zi13Zzk0
Potential Remote Code Execution vulnerability
Ecosystems: packagist
Packages: nette/application
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 3 years ago
High
GSA_kwCzR0hTQS1wbTltLXcyM3EtNTk2N84AAYQH
Zend Framework Information Disclosure
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-crypt
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05ZmM1LXEyNWMtcjJ3cs4AAgVP
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Ecosystems: packagist, maven, nuget
Packages: jasig/phpcas, org.jasig.cas:cas-client, DotNetCasClient
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OTQtZnY1aC01cTJj
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1NGotZjI3ci1jajUy
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN
Symfony vulnerable to Session Fixation of CSRF tokens
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS14NWc0LWNyeHEtcXhqeM4AAR8N
Contao Core directory traversal vulnerability
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1od21oLTlqajktOGM5Y84AATmP
Contao CSRF Token Bypass
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDgtY2dybS1oaDhw
Unrestricted file uploads in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxZzgtY3J4OS1nOG00
Backend Same-Site Request Forgery in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1YzUtZjRndy0zOHI5
Multiple vulnerabilities through filename manipulation in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoNXgtaGZoZy03OGpx
Deserialization of Untrusted Data in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS02Y3E1LThjajctZzU1OM4AAwgy
CodeIgniter4 Potential Session Handlers Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaHZoLWM1YzItdmo4Nc4AAdEL
Zend Framework SQL injection vector using null byte for PDO
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx
Symfony possible session fixation vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00NXgzLW13N3Etd2Y3Zs3stw
elFinder Path Traversal vulnerability
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00NHA4LWMzd3YtZjI4cs3sog
Directory Traversal in Studio 42 elFinder
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cTg4LWp4dnAtOWdwMs01Bw
Path Traversal in Studio-42 elFinder through 2.1.60
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03eDR3LWo5OHAtODU0eM4AAv_a
Cross site scripting vulnerability with discussion titles
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Zzctanc5bS1wYzNm
Broken Access Control in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: swiftmailer/swiftmailer, friendsofsymfony1/swiftmailer, friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xODNjLTY0YzktYzQybc4AAgU1
DOMPDF denial of service vulnerability
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd2Y4LW1qajgtcjhocc4AAgU0
DOMPDF Information Disclosure
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00aHgzLW04dzUtZzVxaM4AAXFf
yii2-redis Potential Remote code execution
Ecosystems: packagist
Packages: yiisoft/yii2-redis
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qOHAzLThtNjktMmhxcc4AAVTw
CakePHP allows remote attackers to spoof their IP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocngtaGNtNi1wbXJ3
Unsafe deserialization in SmtpTransport in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 4 years ago
High
GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03aHdjLTJjcTQtNngyd84AAT5V
Symfony Open Redirect
Ecosystems: packagist
Packages: symfony/security-bundle, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cjJ4LTc2ODctaDZxds4AAx3r
api-platform/core's secured properties may be accessible within collections
Ecosystems: packagist
Packages: api-platform/core
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9
Drupal editor module incorrectly checks access to inline private files
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02aHBqLTl4ajctMmp4eM4AASZo
Drupal access control bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP
Drupal Form API ignores access restrictions on submit buttons
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nMzZoLTRqcjYtcW1tOc4AAy-o
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zeHIzLXBoanAtZzZwMs0rPA
Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1neHhxLWZoYzctM2p2Oc4AAbOV
Drupal Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oM3I5LXBqbXItZjkzOM4AAdYi
Drupal Brute force amplification attacks via XML-RPC
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ
Exposure of Resource to Wrong Sphere in Drupal Core
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69
Drupal Incorrect cache context on password reset page
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yaDNjLTd3cXgtNnc5Nc4AAZkV
zend-diactoros Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: zendframework/zend-diactoros
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xOXA0LXFmYzgtZnZwcM0Wdw
SQL Injection in medoo
Ecosystems: packagist
Packages: catfan/medoo
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00YzY0LXc4ZmcteGNxMs4AAbIO
Yii Cross-site Scripting Framework vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2, yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00eGg5LTV2aDgtM3A1OM4AAbo9
Yii Framework Reflected XSS
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 27 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwdzYtOXhmeC1qdmN4
Directory Traversal in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo
Drupal Open redirect vulnerability in the drupal_goto function
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN
Drupal REST API can bypass comment approval
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS
Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNm0yLThyaHgtZjM2as0g_A
Sandbox bypass in Latte templates
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcXYtZ2NyMy1wZmY5
Cross-site scripting in phpoffice/phpspreadsheet
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yOWdwLTJjM20tM2o2bc0hTw
Sandbox Escape by math function in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx
Silverstripe CMS information disclosure
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OTJtLTQ1MzMtcnhxOc4AAkYY
SilverStripe Folders migrated from 3.x may be unsafe to upload to
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/userforms, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jNXd4LTZjMmMtZjdybc4AAwSZ
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zdzRoLXIyN2gtNHIyd84AAqx4
TYPO3 Image Processing susceptible to Code Execution
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13OXBoLXE0aDktcndxNs4AAYu2
CodeIgniter and Kohana vulnerable to PHP Object Injection
Ecosystems: packagist
Packages: kohana/core, codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04OXIyLTVnMzQtMmc0N84AATfR
Symfony Open Redirect
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yN3A3LXFyN3AtMnJyZs4AAT52
Symfony Open Redirect
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjZyLTZ4bTktd3cyMs4AAUL8
Yii Incorrectly Implements CORS
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Mng2LWgyZ3ItOGd4cc4AASJF
Symfony CSRF Vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-csrf
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxNW0tbXFteC1mdzZt
Privilege escalation via form generator
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NTd2LXhjZzYtcm01bc4AA3_F
Potential URI resolution path traversal in the AWS SDK for PHP
Ecosystems: packagist
Packages: aws/aws-sdk-php
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03MngyLTVjODUtNndtcs4AA3Cz
Symfony potential Cross-site Scripting in WebhookController
Ecosystems: packagist
Packages: symfony/symfony, symfony/webhook
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1tNjRqLWoyNTItanhtcs4AAfKx
TYPO3 SQL injection vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nNDM0LTNxMmotaGo0cs4AAWhd
CodeIgniter Session Fixation Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxbTYtY2d3ci14NnBm
Signature validation bypass in XmlSecLibs
Ecosystems: packagist
Packages: robrichards/xmlseclibs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 4 years ago
High
GSA_kwCzR0hTQS02OXdwLXh3bTctNjl3bc01DA
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzdjLXF2NjgtajNwcM4AAxa2
Cross-site Scripting in MobileDetect
Ecosystems: packagist
Packages: mobiledetect/mobiledetectlib
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4bWotcHc1Ny00dm0y
Cross-site scripting in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cTgtamZjdi1nMmgy
Directory Traversal in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS00Z2pqLXI3dzgtNDJjcc4AASjv
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: kreait/firebase-php
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1oOTcyLXY0NTgtbTg5Ms4AAwJz
Craft CMS discloses password hashes
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS13NmpyLXdqNjQtbWM5eM0g-w
Deserialization of Untrusted Data in Codeigniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01M21tLWh4MzItNjQ3Nc4AAwWZ
TYPO3 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: derhansen/fe_change_pwd, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03OWd2LTVjZ3gteDZyeM0-8Q
Typo3 Authentication Bypass
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1neDRwLTZ3ODYtZjhqeM0_Kg
Typo3 SQL injection due to faulty prepared statements
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04Mjc0LWg1anAtOTd2cs4AAtr1
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Ecosystems: packagist
Packages: laminas/laminas-diactoros
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 3 months ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,811 pypi 3,712 npm 3,543 go 1,896 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 simplesamlphp/simplesamlphp 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 ezsystems/ezpublish-kernel 14 smarty/smarty 14 impresscms/impresscms 13 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 october/system 13 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 phpmyfaq/phpmyfaq 12 feehi/feehicms 11 feehi/cms 11 zendframework/zendframework 11 silverstripe/cms 11 sylius/sylius 10 wwbn/avideo 10 admidio/admidio 10 opencart/opencart 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 wallabag/wallabag 10 laravel/framework 10 ezsystems/ezplatform-kernel 10 pagekit/pagekit 10 tinymce 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 concrete5/core 9 TinyMCE 9 alextselegidis/easyappointments 9 october/october 9 kevinpapst/kimai2 9 tinymce/tinymce 9 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 croogo/croogo 8 symfony/http-foundation 7 wpglobus/wpglobus 7 silverstripe/graphql 7 flarum/core 7 statamic/cms 7 silverstripe/admin 7 pterodactyl/panel 7 october/backend 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 dweeves/magmi 6 yiisoft/yii2-dev 6 guzzlehttp/guzzle 6 bagisto/bagisto 6 yourls/yourls 6 in2code/femanager 6 contao/core 6 gleez/cms 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 symfony/security-core 5 ibexa/core 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ezsystems/ezplatform-admin-ui 5 billz/raspap-webgui 5 pear/archive_tar 5 gugoan/economizzer 5 bottelet/flarepoint 5 anchorcms/anchor-cms 5 typo3/cms-install 5 phpseclib/phpseclib 5 oro/platform 5 idno/known 4 wintercms/winter 4 woocommerce/woocommerce 4 typo3/cms-frontend 4 notrinos/notrinos-erp 4 evolutioncms/evolution 4 bytefury/crater 4 codeigniter4/shield 4 typo3/html-sanitizer 4 oro/commerce 4 symfony/security-bundle 4 wp-premium/gravityforms 4 modx/revolution 4 spatie/browsershot 4 bref/bref 4 magento/product-community-edition 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/dolibarr/dolibarr 10 https://github.com/top-think/framework 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/tinymce/tinymce 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/wintercms/winter 6 https://github.com/gleez/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/ibexa/core 5 https://github.com/jbroadway/elefant 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/composer/composer 5 https://github.com/zendframework/zf1 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/phpseclib/phpseclib 5 https://github.com/nukeviet/nukeviet 5 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/brefphp/bref 4 https://github.com/screetsec/VDD 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/kimai/kimai 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/oroinc/crm 3 https://github.com/PrestaShop/productcomments 3 https://github.com/modxcms/revolution 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/facade/ignition 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/pixelfed/pixelfed 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/liufee/feehicms 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2