Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
High
GSA_kwCzR0hTQS13NmpyLXdqNjQtbWM5eM0g-w
Deserialization of Untrusted Data in Codeigniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1neDRwLTZ3ODYtZjhqeM0_Kg
Typo3 SQL injection due to faulty prepared statements
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03OWd2LTVjZ3gteDZyeM0-8Q
Typo3 Authentication Bypass
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01M21tLWh4MzItNjQ3Nc4AAwWZ
TYPO3 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: derhansen/fe_change_pwd, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Mjc0LWg1anAtOTd2cs4AAtr1
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Ecosystems: packagist
Packages: laminas/laminas-diactoros
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtNTgtY3Z2bS1jNXFy
elFinder unsafe upload filtering leading to remote code execution
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02NmdyLXhyY2YtOGpwcc4AAcG9
Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Z2Z4LXd4ZmgtN3J2bc3rxw
Smarty Path Traversal Vulnerability
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1aHItam00ai05anZx
Sandbox escape through template_object in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS1tdzJ3LTJoajItZmc4cc4AA3Kz
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Ecosystems: packagist
Packages: yiisoft/yii
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: 6 months ago
High
GSA_kwCzR0hTQS00NDJmLXdjd3EtZnBjZs4AAv_K
Prevent RCE when deserializing untrusted user input
Ecosystems: packagist
Packages: yiisoft/yii
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ODQtMjc5aC0zMnYy
Exceptions displayed in non-debug configurations in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/error-handler
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 4 years ago
High
GSA_kwCzR0hTQS02bTkzLTM0M20tM2pyY80kbQ
Cross-site Scripting in HTML2PDF
Ecosystems: packagist
Packages: spipu/html2pdf
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13eHh3LTVncTYtajJnNc4AA8G5
contao/core Insufficient input validation allows for code injection and remote execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 3 days ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zOWZwLW1xbW0tZ3hqNs4AA6c_
CodeIgniter4 DoS Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qOWY5LThqMzktNGc5N84AAYFD
CodeIgniter HTTP Header Injection
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmhtLWhycjItNnAycc4AAq8b
Cross-site Scripting in Bootstrap-3-Typeahead
Ecosystems: packagist, npm
Packages: bassjobsen/bootstrap-3-typeahead, bootstrap-3-typeahead
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01NHA1LWd4cTYtajk4Z84AAj_C
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oNXYyLXdyaHAtNXYzNc4AAyDv
Access control issue in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacks
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 23 days ago
High
GSA_kwCzR0hTQS02M3FqLXA4Z2gtNXh4eM4AATE7
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
Ecosystems: packagist
Packages: rap2hpoutre/laravel-log-viewer
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS04YzJjLWp4d2otanFnZs4AAwCy
Browsershot does not validate URL protocols passed to Browsershot URL method
Ecosystems: packagist
Packages: spatie/browsershot
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qN2Z4LXYzN2otdjN3N84AASzK
Craft CMS Vulnerable to Server-Side Template Injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS00NHdyLXJtd3EtM3Bod84AA1aT
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 9 months ago
High
GSA_kwCzR0hTQS12cXhmLXI5cGgtY2M5Y84AAzbH
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1nODU3LTQ3cG0tM3IzMs4AAx2X
laravel-admin has Arbitrary File Upload vulnerability
Ecosystems: packagist
Packages: encore/laravel-admin
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwdjgtcHB2ai00aDY4
Prevent user enumeration using Guard or the new Authenticator-based Security
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jYzdnLTlwY2otN2d3bc4AAhL1
CodeIgniter Rest Server XXE Vulnerability
Ecosystems: packagist
Packages: chriskacerguis/codeigniter-restserver
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH
Drupal core unrestricted file upload
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14M2NmLXc2NHgtNGNwMs4AATfM
Symfony Path Disclosure
Ecosystems: packagist
Packages: symfony/form, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xdjVwLTZ3cmMtNzl3Z84AAS_6
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qOTZnLTQ3eDItNDZods4AAWrb
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMm0tN2NmcC1oNmdm
Incorrect persistent NameID generation in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS12cjk1LXA3cTYtOG05cc4AA8Io
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0zZmo0LXE3MngteDJnOc4AAbZb
ADOdb Library SQL Injection
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qaGNmLWo0aGctdjY0cs4AAitC
Pimcore Access Control Issues
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01cXhxLXZnbW0tcTM5bc4AAvli
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oZjYyLTV2eGgtanB3as4AAitU
Pimcore 2FA Vulnerable to Brute Forcing
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03N3A0LXdmcjgtOTc3d84AAi_T
TYPO3 Directory Traversal on ZIP extraction
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS05anEyLWp2d2MtcDUyZs1Alg
Contao core SQL Injection Vulnerability
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT
Drupal Settings Tray access bypass
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N
Drupal Denial of service via transliterate mechanism
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in Drupal
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal Core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcWhtLXFmajMtNHJyeM3soQ
elFinder Server Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmOGotdjh4NS1oOXFw
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
Ecosystems: packagist
Packages: enshrined/svg-sanitize
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS03ajk4LWg3ZnAtNHZ3as4AAyaT
smarty Cross-site Scripting vulnerability in Javascript escaping
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS13anBjLWdqZjctOTkzOM0-Kw
TYPO3 Arbitrary Code Execution vulnerability on the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS00cnZjLTVocmgtcW13Zs0-Kg
TYPO3 SQL injection vulnerability on the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz
Drupal Reflected file download vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03cnZwLXhxajctcnhmMs4AA1QS
Daylight Studio FUEL-CMS SQLi Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01OTU3LTVjcngtNzlqeM4AAjaE
Zenario CMS vulnerable to CRLF injection
Ecosystems: packagist
Packages: zendframework/zend-http, zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tOHg2LTZyNjMtcXZqMs4AAgbl
Cross site scripting via canonical tag in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NGotd2p4eC13Z2dq
Incorrect Access Control vulnerability in api-platform/core
Ecosystems: packagist
Packages: api-platform/core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NWgtY3IyOS1maHA2
Local file disclosure in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 4 years ago
High
GSA_kwCzR0hTQS13bTVnLXA5OXEtNjZnNM4AAz3C
elFinder vulnerable to path traversal in LocalVolumeDriver connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1naHczLTVxdm0tM21xY84AAwgx
CodeIgniter4 allows spoofing of IP address when using proxy
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn
User enumeration leak using switch user functionality in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 4 years ago
High
GSA_kwCzR0hTQS1waDk4LXY3OGYtanFybc0bPg
SQL injection in jackalope/jackalope-doctrine-dbal
Ecosystems: packagist
Packages: jackalope/jackalope-doctrine-dbal
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14ODdtLTM2ZzctNm1wd84AAwO9
Yii2 Gii Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01cWo4LTZ4eGotaHA5aM4AAtdJ
Dompdf before v2.0.0 vulnerable to chroot check bypass
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wZjZwLTI1cjItZng0Nc4AAtBR
Server-Side Request Forgery in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcXgyLTZmNzgtdzJqMs4AA3v6
Denial of service caused by infinite recursion when parsing SVG images
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1maDRxLWh4cnctY2pxcc4AAYFR
TYPO3 Arbitrary Code Execution
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnY2ctMjh4bS04bW13
Cross-Site Scripting in Backend Grid View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtaDMtajVyNS0yMzc5
Cross-Site Scripting in Query Generator & Query View
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcTktZnF2OC01OXdm
Cross-Site Scripting in Page Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy
Session fixation in change password form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1mZjV4LTdxZzUtdndmMs4AA3uh
Denial of service caused by infinite recursion when parsing SVG document
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycjUzLTkyOTUtM204Ns4AA3K4
Statamic CMS vulnerable to remote code execution via form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 6 months ago
High
GSA_kwCzR0hTQS01bTY0LTlocTUtNXBmMs3zzg
Statamic framework Incorrect Permission Assignment
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZjJnLW1ycngtcnI1cM4AAo0h
Drupal Core Cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_
Drupal Core Cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcDhxLWd3ZjUtaHFoMs0_SQ
Drupal Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs
Drupal cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNnE1LXd2NHgtZnY2aM0rRw
Cross-site Scripting in Drupal Core
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU
Drupal cross site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNTMzLWM4NDMtNjdoOM0rSw
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9
Drupal Core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02NW1qLTdjODYtNzlqZs0mAA
Authentication Bypass in ADOdb/ADOdb
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13amZjLXBnZnAtcHY5Y84AAy65
Improper Input Validation in nyholm/psr7
Ecosystems: packagist
Packages: nyholm/psr7
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yOHY0LTd2d2otOTgzeM4AAXT5
SimpleSAMLphp SAML2 spoof SAML responses
Ecosystems: packagist
Packages: simplesamlphp/saml2
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qeGc1LTM1ZmotY2N3Zs4AAcC2
Extbase for TYPO3 allows RCE
Ecosystems: packagist
Packages: typo3/cms-extbase
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2