Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03M3E5LTdwd2otZ200Ns0kGg
icecoder is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00eHd3LTZoN3YtMjlqZ80gyw
User enumeration in livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jNjk3LXIyMjctcHE2aM0kag
Unrestricted Upload of File with Dangerous Type in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ZjV4LXE0amMteGZjZs0kWw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02bTkzLTM0M20tM2pyY80kbQ
Cross-site Scripting in HTML2PDF
Ecosystems: packagist
Packages: spipu/html2pdf
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12eGg0LXg2Z3YtbXBoZs0kcA
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Ecosystems: packagist
Packages: livehelperchat/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00NG00LTljanAtajU4N80kcg
IBX-1392: Image filenames sanitization
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNzl4LTk4cjItZzZxY80loQ
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS13amZxLTg4cTItcjM0as0log
Unhandled exception when decoding form response JSON
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jN2ZtLWp4NTktd2pmNs0lQA
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03djN4LWg3cjItMzRqds0lXg
Insufficient Session Expiration in Pterodactyl API
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wbTN2LXF4ZjYtZmd4ds0ljw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOHJwLXE4MnItYzVtZs0lmQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03d3Y4LWc5N3ItNDMyaM0llg
Exposure of Sensitive Information to an Unauthorized Actor in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12Y2dmLXZtcGMtcGg3Oc0lmA
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNWhqLXh4ZnItcHdjM80lkg
Code Injection in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS14aDk5LWh3N2gtd2Y2M80iuQ
Unchecked validity of Facing values in PlayerActionPacket
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cXZ4LWY1Z2YtZzQzds0hYQ
Logic error in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yOWdwLTJjM20tM2o2bc0hTw
Sandbox Escape by math function in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycmd3LTNoZzMtOXg4Y80hSg
XSS vulnerability in translations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1naGhtLXhyd3AtNzVtOc0hCw
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcjM3LTY2cGotMzZ2N80g8A
Cross-site Scripting in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NGd2LWZnY2otdzU0Ns0g7w
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcnhwLXh4eDgtaHJnNs0g7A
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Weak Password Requirements in Daybyday CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NnJwLTR2ajctdjJtOM0g9g
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyeGMtbXIydy1janB2
Open Redirect in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yd3FxLXA0cDktNXdwcc0dDg
Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.
Ecosystems: packagist
Packages: gaoming13/wechat-php-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jNmZnLTk5cHItMjVtOc0g_g
Uncapped length of skin data fields submitted by players
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNjJqLWhyeG0teGN4Zs0g_Q
Book page text, count, and author/title length is not limited in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jNTN2LXFtcngtOTNoZ80hAQ
Open redirect in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1wNTIzLWpycGgtcWpjNs0hAA
Insufficient Session Expiration in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNm0yLThyaHgtZjM2as0g_A
Sandbox bypass in Latte templates
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NmpyLXdqNjQtbWM5eM0g-w
Deserialization of Untrusted Data in Codeigniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01bWo2LTNjbXEtZmgzNM0grg
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jdjI1LTNnbWctYzZtOM0grQ
Injection in UserFrosting
Ecosystems: packagist
Packages: userfrosting/userfrosting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14dnZ2LXdqN2otcjlqbc0fYg
Cross-site Scripting in Netgen Tags Bundle
Ecosystems: packagist
Packages: netgen/tagsbundle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03dnhjLWNocWotaDgzZ80eiw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14ZzZyLTVneDQtcXhqbc0eaQ
invoiceninja is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: hillelcoren/invoice-ninja
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHc4LWo0M2otNXZ4cM0ebQ
elgg is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05MzI4LTdwY3ctdnc2Oc0gsA
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xdjdnLWo5OHYtOHBwN80gsQ
XSS vulnerability on email template preview page
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04eHg5LXJ4cmotMm0yd80dig
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDc3LTVwODgtZjkycs0dFA
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mN3h3LTQ2dmgtNWp3Ms0dDQ
livehelperchat is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03bXE2LWNwNW0tZjRqNc0bxA
Cross-site Scripting in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNWptLXhod20tOXhwOc0gRw
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycGc3LXE0Y3YtcDQ2Ns0cuw
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qODVmLXh3OXgtZmZ3cM0cvw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1md2g3LXY0Z2YteHY3d80ciw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzVjLTVqNGgtOHEyY80btQ
BookStack is vulnerable to Improper Access Control.
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ
Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw
Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05dndmLTU0bTktZ2M0Zs0aug
snipe-it is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04dzN4LXI2eDctYzVyNc0ayw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ydjJ2LWZ4N3ItZjJmaM0azA
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDg1LXA0cWctaGNycM0azQ
pimcore is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cXY4LWZxNXctcDk2Ns0a1Q
phpservermon is vulnerable to CRLF Injection
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NGNyLW01ZjgtZ3h3OM0a0Q
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yeGNoLWdwNjItNTc0d80bSg
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycDQyLWM0NWotZzQ2eM0bdg
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcWZwLW01ZjgtdmcyOM0clA
Dolibarr Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NHB4LXE2OHItMmZjOc0bsw
Privilege escalation in the Sulu Admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS12eDZqLXBqcmgtdmdqaM0bsg
PHP file inclusion in the Sulu admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1waDk4LXY3OGYtanFybc0bPg
SQL injection in jackalope/jackalope-doctrine-dbal
Ecosystems: packagist
Packages: jackalope/jackalope-doctrine-dbal
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00and4LTc4dngtZ202Z80ajA
Cross-Site Request Forgery in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05N2NjLTgyNWMtMzk5Z80abA
Cross site scripting in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1oODZqLTZoNm0tcWpxd80Z7g
Cross-Site Request Forgery in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zM2djLTZjdzktdzNnNM0ZXg
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NTNxLWhwdnAtcThwY80ZWw
Server-Side Request Forgery in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oamhwLWh3ZmotaHdmM80ZNQ
Cross Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Mjg5LWNod2otN2g4Ns0ZMg
Path traversal in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NmhmLTJwNnctanFmd80Zdg
Laravel Framework XSS in Blade templating engine
Ecosystems: packagist
Packages: illuminate/view, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNnZxLXdjOHctNGc2Oc0Y3Q
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01dnI2LWhtNjgtNWo5cM0YwQ
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nd3B4LXEyaDktd3hneM0YzA
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02N2M3LTV2OWotMjI3cs0Yyw
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05dzhmLTd3Z3ItMmg3Z80Yzw
kimai2 is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02cHFtLXh2ZmMtdzdwNM0Yzg
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNTQ1LXZwd3AtcjlqN80Y0A
showdoc is vulnerable to URL Redirection to Untrusted Site
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ZmgzLTI1eHItZzg1aM0Y1A
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14NjhjLTRnbW0tNWc0M80Y0w
kimai2 is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mNzdoLW05dzItdnZnMs0Y3A
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2