Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS02N2c4LWM3MjQtOG1wM84AAyJ5
DDOS attack on graphql endpoints
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xODYzLWNjaG0tYzZjNs01ig
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mOTlyLWpqZ3ItZjM3M804wg
SQL injection in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13bTVnLXA5OXEtNjZnNM4AAz3C
elFinder vulnerable to path traversal in LocalVolumeDriver connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 11 months ago
High
GSA_kwCzR0hTQS14Z3gyLTMzMmgtOXg2cc011w
SQL Injection in Yeswiki
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yNWZ4LTNjMnEtY3E0Ns4AAzYF
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jOWh3LTU1N3EtZjhocc4AA01k
Pimcore vulnerable to SQL Injection in Dataobjects sorting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
High
GSA_kwCzR0hTQS03M3JwLXE0cngtNWdyY83kMQ
Incorrect Authorization in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoNXgtaGZoZy03OGpx
Deserialization of Untrusted Data in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS0yNW1xLXY4NHEtNGo3cs4AAs5X
CURLOPT_HTTPAUTH option not cleared on change of origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcDQzLTJ2aGYtY2o4Z84AAil1
Magento Remote code execution through support/output path modification
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqbWgtYzZ2ci1wbXZt
SQL Injection in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 3 years ago
High
GSA_kwCzR0hTQS00Mmd2LTc3ZjQtcjNqOc4AAUWb
Shopware SQL Injection
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12M21yLWdwN2otcHc1d80oqQ
Possible SQL injection in tablelookupwizard Contao Extension
Ecosystems: packagist
Packages: terminal42/contao-tablelookupwizard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcmYtOTlndy12dndq
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS03OW0yLWg2N3YtMzVxN84AAVT5
Elefant CMS CSRF Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nODg4LWcycHAtODJoZs4AAXJT
SimpleSAMLphp saml2 incorrect signature validation
Ecosystems: packagist
Packages: simplesamlphp/saml2
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNGg1LWczdzgtZjl4N84AAT6a
Subrion CMS vulnerable to CSRF in admin/blocks/add
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS05aHJjLXJ3cnEtdjZtaM4AAT13
phpMyAdmin DoS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS05NjQ1LTZnNzItMnB2OM4AAgCl
phpMyAdmin unsafely handles temporary files
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01OWZoLXJqcTMteHE3as4AAwLl
Thinkphp has a code logic error
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcmctMjloNy1oNGNq
XXE in PHPSpreadsheet due to encoding issue
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 4 years ago
High
GSA_kwCzR0hTQS04N2ZnLTl4NXctajNybc4AA371
MainWP Dashboard SQL Command Injection vulnerability
Ecosystems: packagist
Packages: mainwp/mainwp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNTU5LThtMm0tZzY5Oc4AAs5c
Change in port should be considered a change in origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcGM4LW0yeG0tOXc3Nc4AAimD
Magento Remote code execution through catalog attribute sets
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00MnFtLWMzY2YtOXd2Ms0vxw
Code injection in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yY21mLTg4cDQtOXdyZ84AAlFm
WooCommerce Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jd2dtLXF3OHYtaHJyZ84AAbdO
Dolibarr ERP and CRM Unsafe File Upload Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS12NWM5LW1tdzktODI5cc4AAV0H
PHPMailer susceptible to arbitrary code execution
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jcWNjLW1tNngtdm12d806mg
Persistent Cross-site Scripting vulnerability in PrivateBin
Ecosystems: packagist
Packages: privatebin/privatebin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14d3c0LXc2ZmYtNXEzZ84AAyel
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Y3I0LXg4MngtaHdtOc4AAykK
thorsten/phpmyfaq vulnerable to authentication bypass
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS04YzJjLWp4d2otanFnZs4AAwCy
Browsershot does not validate URL protocols passed to Browsershot URL method
Ecosystems: packagist
Packages: spatie/browsershot
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zajkzLTdyZjctcDdtNs4AAyjv
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcWhtLXFmajMtNHJyeM3soQ
elFinder Server Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS05NnZ4LXFmMjgtNmY4bc4AAdq5
Drupal Access Control Bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13anBjLWdqZjctOTkzOM0-Kw
TYPO3 Arbitrary Code Execution vulnerability on the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3ItcnA5Ny03cnY0
Privilage Escalation in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS1xZ3JxLTY0ZzYtbW1oNs4AAbYt
phpMyAdmin DoS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xMjYzLWozcTktZzk2NM4AAQVt
October CMS PHP Code Execution
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s
Arbitrary Code Execution in Processwire
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 months ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1xOXZtLTI5cGgtcDdtcM4AA09H
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 10 months ago
High
GSA_kwCzR0hTQS1xOGo3LWZqaDctMjV2Nc3gFg
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/validator
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nbTV4LWhwbXcteHB4Z84AAlYx
Silverstripe CMS information disclosure
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2OWYtNTM5di1mNWpn
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Ecosystems: packagist
Packages: prestashop/gamification
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4d2otNm03My1nZnFw
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
Ecosystems: packagist
Packages: oneup/uploader-bundle
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 4 years ago
High
GSA_kwCzR0hTQS1mcXgzLXI3NWgtdmM4Oc4AArad
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1meDlnLWc5cTYteDNqeM4AAuCO
Magento Path Traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nd3dxLTU0cXAtOXBncM4AAbgi
Zend Framework CSRF Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Z2g2LWY0amgtM2Nycc4AAo-E
Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03dzUzLWhmcHctcmczZ84AAZ60
Symfony Arbitrary PHP code Execution
Ecosystems: packagist
Packages: symfony/yaml, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14OTV4LWY0ZzktbW04Nc4AAuDM
Magento Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cHFwLTY5bTMtZjhwcM4AAyQp
NotrinosERP vulnerable to SQL Injection
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jcDY4LTQycGYtNjYyN84AAw_a
Froxlor vulnerable to Command Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
GSA_kwCzR0hTQS1nM2o1LW1wcDItMmZxbc4AAxJJ
symfont/process typosquatting malware spoofs symfony/process
Ecosystems: packagist
Packages: symfont/process
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12eHBtLThoY3AtcWgyN84AAxad
Payment information sent to PayPal not necessarily identical to created order
Ecosystems: packagist
Packages: swag/paypal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yN21tLWdyZjMtNWZqds4AAuDW
Magento Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oOTcyLXY0NTgtbTg5Ms4AAwJz
Craft CMS discloses password hashes
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS13M3FtLTkzdmYtNWhyd84AA1Ej
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cjItZ3ZnZi1tcG04
Improper Encoding or Escaping of Output and Injection in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 4 years ago
High
GSA_kwCzR0hTQS1wcmpnLTI4amctbTNwNc4AAxy6
RosarioSIS Improper Access Control vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12cXhmLXI5cGgtY2M5Y84AAzbH
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 12 months ago
High
GSA_kwCzR0hTQS13MnA0LTJjOGMtMmc3aM4AAniA
Magento OS command injection via the customer attribute save controller
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mbTUzLW1wbXAtN3F3Ms4AArNK
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
Ecosystems: packagist
Packages: fof/upload
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cnZjLTVocmgtcW13Zs0-Kg
TYPO3 SQL injection vulnerability on the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcHhtLXEyaDQtdjdtbc4AAyM6
Teampass SQL Injection vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
High
GSA_kwCzR0hTQS0zdmY1LXhtMnAtNm1oNc4AA1R0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1tNnBmLWNtM2YtNzg3Ns4AA1Tn
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS1ycjhoLWY5N3EtOHA5Y84AAv_j
Blind SQL Injection via GridFieldSortableHeader
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xcTJqLTlwZjgtZzU4Y84AAyDw
Company admin role gives excessive privileges in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yeHZ4LTM2OGgtcWNtds4AA09I
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 10 months ago
High
GSA_kwCzR0hTQS02eDhmLXg2cXctcXd4M84AAyBo
cockpit-hq/cockpit is vulnerable to unrestricted file uploads
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNWd2LXdnNmYtNmZycM4AAvEa
Centreon SQL Injection vulnerability via esc_name parameter
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yN3BnLTRjajYtODk5NM4AAypj
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: packagist
Packages: yuan1994/tpadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yaHc2LTRydjktODJmcM4AAyjG
Uvdesk remote code execution vulnerability
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS14cGZ2LTg5dmctcjU2Ms0mag
Cross Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS01Zmo3LWY4eDMtcTJtY80-7Q
simpleSAMLphp incorrectly handles XML encryption
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNmg3LTI5cjItZzg4Zs4AAWMM
phpMyAdmin vulnerable to static code injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oNzd3LTY1NWYtNmozbc4AAlYn
Silverstripe CMS malicious file upload enables script execution
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wbXhnLXc5YzctZmZtcc4AAlY3
Microweber Discloses Sensitive Information
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ycmp2LTM0cDUtNGM3cs4AArMw
SQL injection in helloxz/imgurl
Ecosystems: packagist
Packages: helloxz/imgurl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qNGZxLTNmbTctd2g1ds4AAjQs
Magento arbitrary PHP code execution via the productData parameter
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qang1LWZxNWctOHhwY84AAdU8
Symfony Cryptographic Vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS12OTc3LWg0aG0tcnJmZs4AA4Vu
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS0yangzLTVqOXYtcHJwcM4AAs_N
BlockWishList SQL Injection vulnerability
Ecosystems: packagist
Packages: prestashop/blockwishlist
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zY3F3LXB4Z3Itamhybc3Msg
TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mcDdxLXhoaHctNnJqM84AAy-u
Path traversal vulnerability in the file manager
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS14cjloLXAycmMtcnBxbc4AAzC_
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDgtY2dybS1oaDhw
Unrestricted file uploads in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 4 years ago
High
GSA_kwCzR0hTQS0ybWhoLTI3djctM3ZjeM4AAzUE
WWBN AVideo command injection vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13N3JoLTl3NXYtcndxas4AAlKh
Magento defense-in-depth security mitigation vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNnA1LTc2ZnAtbTI0OM1Bkw
URL Rewrite vulnerability in multiple zendframework components
Ecosystems: packagist
Packages: zendframework/zend-http, zendframework/zend-feed, zendframework/zend-diactoros
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2