Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12aHJ2LTlmOWctcmZyeM4AAx99
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1waDZnLXA3MnYtcGMzcM4AA0m1
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS05d2M5LTQ5OHctaDh4ds4AAjcc
Magento deserialization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jM200LWh4djktNG14as4AAlKP
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qODN4LXI5cXEtOWc0ds4AAyBh
Froxlor is vulnerable to authentication bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04aGNmLTJtNHYtZjJycc4AAw_o
SQL Injection in liftkit/database
Ecosystems: packagist
Packages: liftkit/database
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00NDZxLXh4ZzUtM3ZoaM4AAv0f
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tNm04LTZncTgtYzlmas4AAzbB
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1jNnY1LXBmNjYteGZxOM4AA0tO
Froxlor vulnerable to Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03bTdnLWpxNG0tOTh3Nc4AAe6O
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcTJmLTNmZzMtcnc5Oc0yxg
SQL Injection in WordPress Zero Spam WordPress plugin
Ecosystems: packagist
Packages: bmarshall511/wordpress_zero_spam
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nN3hyLXY4MnctcWdncc4AArga
Code Injection in SEOmatic
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13N3ZtLTR2M2otdmdwd84AA1Db
PyroCMS remote code execution vulnerability
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3ItOHd4bS04NTJj
Deserialization of Untrusted Data in NukeViet
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wY3BtLXZjNHYtY212eM4AAv0e
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzktMzVwMi1xMmM1
Steam Socialite Provider v1 does not correctly validate openid server
Ecosystems: packagist
Packages: socialiteproviders/steam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14NzUyLXFqdjQtYzRoY804Ig
Remote code injection in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04d3AyLXZ4cGcteGN2cM1BJg
Cross site scripting in facturascripts
Ecosystems: packagist
Packages: neorazorx/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbaility
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zcDdnLXdyZ2ctd3E0Nc4AAv0Y
GraphQL queries can expose password hashes
Ecosystems: packagist
Packages: ibexa/graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01OGg1LWg1NTQtNDI5cc4AAv0Z
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0ycnIzLXJ2NDktcDQyZs4AAvl1
phpMyFAQ contains Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Ecosystems: packagist
Packages: islandora/islandora
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02ZnJ4LTJyNXctYzUyNM0_IA
Smarty3 Arbitrary PHP Code Execution
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01cXhxLXZnbW0tcTM5bc4AAvli
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00NXgzLW13N3Etd2Y3Zs3stw
elFinder Path Traversal vulnerability
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14ZnFnLXA0OGctaGg5NM4AArUB
Login timing attack in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNDJjLXZjZmYtMmZmMs4AArUA
Login timing attack in ezsystems/ezplatform-kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LTJmM20tZ3h2cM4AAyAP
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04aDgzLWNoaDItZmNocM4AAv0g
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00eGY5LTRyNDQtODZyY80_iQ
ImpressPages CMS RCE
Ecosystems: packagist
Packages: impresspages/impresspages
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02dzI5LXg1ajQtcWhyd84AAlK8
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cGc5LWdxN2otbXhxZ84AAilq
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cnBjLTltODgtY2Y5d80YPQ
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmMzctZ3h2aC0yM3Y2
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Z20tNHA1dy1wcTJw
Remote code execution in verot/class.upload.php
Ecosystems: packagist
Packages: verot/class.upload.php
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1oNXYyLXdyaHAtNXYzNc4AAyDv
Access control issue in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jYzdnLTlwY2otN2d3bc4AAhL1
CodeIgniter Rest Server XXE Vulnerability
Ecosystems: packagist
Packages: chriskacerguis/codeigniter-restserver
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14ZmpxLXczY3ctaDVmcc4AAVUw
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03NjQ0LWN4cDgtaDIzcs4AAv0b
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zMzdjLTNyY2gtcTM1as4AAlcG
Magento php object injection vulnerability
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xcjk3LXY4N3AteDk2Nc4AAwrf
Ariadne Component Library vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: arc/web
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ocmd4LXAzNnAtODlxNM4AAtvN
PrestaShop eval injection possible if shop vulnerable to SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00MjIzLXFqOTQtN3g5cM4AAQMh
elFinder command injection vulnerability in the PHP connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03OWd2LTVjZ3gteDZyeM0-8Q
Typo3 Authentication Bypass
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cTRqLThwam0tNW1nY84AAjvL
SEOmatic for CraftCMS allows Server-Side Template Injection
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNDUtajNtNS04cWZx
Server-Side Request Forgery in Feehi CMS
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05ZmM1LXEyNWMtcjJ3cs4AAgVP
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Ecosystems: packagist, maven, nuget
Packages: jasig/phpcas, org.jasig.cas:cas-client, DotNetCasClient
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jNTVoLTdxNGotZzZycc4AAlKQ
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnYzctdzRody1ycjJt
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Ecosystems: packagist
Packages: verot/class.upload.php
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tdzk1LWdtdzQtODgzcM4AAniW
Magento XML injection in the Widgets module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14Y3EzLTdwZjMtNWp2Y84AA1Ei
Cockpit PHP Remote File Inclusion vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oNDM3LXFqajktdm1xNM4AAniO
Magento XPath Injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwYzMtOTZteC13d2M4
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qMmgyLWc4ODIteDlqMs4AAxfZ
Deserialization of Untrusted Data in thinkphp
Ecosystems: packagist
Packages: topthink/think
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13OHFwLWhtaDUtNHY5ds1RFQ
Object state limitation has no effect
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1naDdtLWo2NzMtd205N84AAv7L
Dolibarr vulnerable to privilege escalation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1MnEteHhqNC14MnJ4
SQL Injection in SimpleSAMLphp
Ecosystems: packagist
Packages: cesnet/simplesamlphp-module-proxystatistics
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS14Z2NwLTU5ZzItd204Z84AAilh
Magento 2 Community Edition Insecure Component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03Mjg5LWNod2otN2g4Ns0ZMg
Path traversal in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZnBoLTNocGctMmY2Nc3Xww
Incorrect Permission Assignment for Critical Resource in ShopXO
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oZjYyLTV2eGgtanB3as4AAitU
Pimcore 2FA Vulnerable to Brute Forcing
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nZmZ4LTlmMzYtcjh3cM4AAlLD
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13MzdmLXB2dngtd2N3bc4AAgZ7
Incorrect Calculation in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01ajR3LXY4N20tOHI2Nc4AAlK_
Magento business logic error vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in Torrentpier
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03MjR4LWdxaHYtOWM1eM4AAlJ-
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nN3BjLTc5OXEtNzQzZs4AAlf2
Magento DOM-based Cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cnAzLXdjMjgtcWcyaM4AAlKN
Magento Security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00Zjd4LWdqcWMtcXFwZ84AAlKL
Magento command injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNWhjLXdtM2ctaGp3Ns0vgw
Server-Side Request Forgery (SSRF) in rudloff/alltube
Ecosystems: packagist
Packages: rudloff/alltube
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00bTd2LXdyNnYtMm13Nc4AAzGP
AzuraCast missing brute force prevention
Ecosystems: packagist
Packages: azuracast/azuracast
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yNjl3LXBxYzctNjhxOc4AAniK
Magento vulnerable to a file upload restriction bypass
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03OTJmLWM4bXAtMmNyNc4AAnh_
Magento OS command injection via the WebAPI
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMzc3LXg4cmctYzltZs4AAtCY
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xMngzLTJmOWctaDU1Oc4AAyQm
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Y200LXZtZjItOHdmMs4AAvTC
Dolibarr vulnerable to Eval Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcHF2LTZwbTMtZzQ2as4AArjO
SQL Injection in RosarioSIS
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14anA0LTZ3NzUtcXJqN80vgQ
Remote CLI Command Execution Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wZ3ZoLXAzZzQtODZqd84AAxVl
AVideo contains Command injection when embedding a video link
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wcjlxLXY1ODUtcXYyd800vg
Improper Privilege Management in Open Web Analytics
Ecosystems: packagist
Packages: open-web-analytics/open-web-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1tZnZnLXF3Y3ctcXZjOM4AAyQi
baserCMS allows any file to be uploaded
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNjgzLTM1dzktMjhnNc4AAwWi
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Ecosystems: packagist
Packages: fixpunkt/fp-newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd2otcHJwcS1qcGMy
Symfony Service IDs Allow Injection
Ecosystems: packagist
Packages: symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1jajd3LXBtNzctaHZnNs4AAuCK
Magento XML Injection vulnerability in the Widgets Module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmMjMtZjI2Zi1tamo5
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2