Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNnAtNHBjai01bXI5
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jd2htLTI3MnAtM3dqOc4AAXbQ
Yii Framework Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yiisoft/yii2-dev, yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS13NnJwLTR2ajctdjJtOM0g9g
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nOGo3LXc2NzMtNG1qcM4AAj7W
Subrion CMS CSRF Vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nNGc3LXE3MjYtdjVoZ84AATux
Symfony CSRF Token Fixation
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS14anIzLWZ3cDktOWc5Ns4AAvLD
Moodle Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS03MmhoLXhmNzktNDI5cM4AA3ML
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3ajUtOWo3Ny1nNGdx
Remote code execution in turn extension for TYPO3
Ecosystems: packagist
Packages: marcwillmann/turn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mZ2o4LTkzeHgtZjZnNs4AAjO6
phpMyAdmin SQL injection in user accounts page
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoNTUtMmZxcC1wNzc1
Command injection in mail agent settings
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNnhxLXhjeGMtZmdoeM4AAy7K
Improper Privilege Management in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcTc2LWpxNm0tNTczcM4AA0fJ
Archive_Tar contains Potential RCE if filename starts with phar://
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
High
GSA_kwCzR0hTQS0zNWdwLWp4dzgteHc2aM4AAlsp
Codiad CSRF Vulnerability
Ecosystems: packagist
Packages: codiad/codiad
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01bWgyLTgyZzktNzJqds4AAmiZ
Subrion CMS CSRF Vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0OGYtd3Y3Ni14OWhn
Arbitrary file upload in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qZjVmLWgzd3ItajY2Ns4AAQtC
SQL Injection in Zenario 7.1-7.6
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNGg1LWczdzgtZjl4N84AAT6a
Subrion CMS vulnerable to CSRF in admin/blocks/add
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14d3c0LXc2ZmYtNXEzZ84AAyel
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nNjQ0LXg0aGotY21occ4AAVWO
Gleez CMS CSRF Allows Adding of Administrator Accounts
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ycndoLTI2MnItcjg1as4AAhdz
Dolibarr ERP and CRM malicious executable loading
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1waGhtLTZwZ20tbXh3Oc4AAbJs
MODX Revolution blind SQL injection
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2Z2YtbXJyNC1jdzdy
Cross-Site Request Forgery in ForkCMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS13cHd3LWh4N3gteGZqaM4AAWq0
phpMyAdmin PHP code injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Z3E5LXA5NGYtZzV2Oc4AA3hu
ThinkAdmin arbitrary file upload vulnerability
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wNzU3LTR2M3Atajc0Zs4AAtKj
Known vulnerable to account takeover via host header injection attack in v1.3.1
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cHd3LWZxZ2gtMzZoas0xVA
Unrestricted Upload of File with Dangerous Type in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NnJmLTM4djgtOWM0eM4AAxgJ
privilege chaining in cockpit-hq/cockpit
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13OXdjLTR4Y3EtOGdyNs4AAwO3
Akeneo PIM Community Edition vulnerable to remote php code execution
Ecosystems: packagist
Packages: akeneo/pim-community-dev
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qd2c0LXFjZ3YtNXdnNs4AAy_2
SQL Injection in Admin Translations API
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qd3FyLWpjd3AtNDQ1d84AAWWR
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yZjhmLWhxanYtOTg2cM4AAhAR
Shopware Insecure Deserialization Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2N20td2M3Zy03Z2Zw
Cross-Site Request Forgery in MAGMI
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS02MmcyLThwOWYtZ2hqcM4AAXC5
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcDl2LXhwNnctd2NtY84AAUyK
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cmYtcTdoOC1qanI3
Authorization Bypass Through User-Controlled Key in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS0yOTdmLXI5dzctdzQ5Ms4AAve8
Magento Improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZ3dwLWYzeGgtbTI0Z84AAhqY
Bagisto CSRF Vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yeDJxLTJ4cHYtbWNmOc4AAimP
Magento 2 Community Edition SQLi Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14Mzk0LWc5ajgteDdtZs3rxA
phpMyAdmin Improper Authentication
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZmNxLXdoM2ctYzZoNM4AAilE
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13OGZwLTNnd3EtZ3hwd84AAv2t
Concrete CMS vulnerable to Cross-site Request Forgery
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yMmNxLXh4cjktanJyds4AAUs0
Zenario CMS vulnerable to CSRF
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02ajNwLXZycGgtajdxcc4AAWdG
OS Command Injection in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS05OXhqLXhxYzktOThocs4AATw2
phpMyAdmin SSRF in replication
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycjhtLTI5ZzgtOGNnY8017g
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 27 days ago
High
GSA_kwCzR0hTQS02eHczLWNwcWotOG14cs4AAwGR
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qd3Z3LXY3YzUtbTgyaM3tlQ
protobuf susceptible to buffer overflow
Ecosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yZ2NwLXh3eGctaHFnM84AAlyr
Dolibarr Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZ3A1LW0ycHEtM2ZtZ80t0Q
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS04djd2LTZtbW0teGp4bc4AAlC9
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zY3djLW03YzItcXI4Ns4AAUM2
mPDF Unsafe Deserialization
Ecosystems: packagist
Packages: mpdf/mpdf
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OTJ4LTg5eHYtNjRqeM4AAiwH
Pagekit File Upload vulnerability
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZzhtLTg0amYtOTM2N84AAkni
Incorrect Authorization in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00NHc1LXEyNTctODQyOM4AAuXQ
Exposure of password hashes in notrinos/notrinos-erp
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mOWh4LTVqcTQtZmdqbc4AAThu
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1od21oLTlqajktOGM5Y84AATmP
Contao CSRF Token Bypass
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mNzdoLW05dzItdnZnMs0Y3A
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nbWZmLXZjdjYtbW1mcs4AAVvS
Pimcore CSRF Vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS02cWg2LXY5OWgtdmg0Y84AAhkn
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/product-community-edition, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14NDJnLTgycHAtNHY2Z84AAilf
Magento SQL injection vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00djJxLWhqeDMtYzR2cs4AAq98
Magento remote code execution vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wMjljLWpwZ2otdjU3cs4AAjxW
Froxlor arbitrary code execution via the database configuration options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03OWhnLTM1N2ctcnJnds4AATS1
Centreon SQL Injection
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NWc0LWNyeHEtcXhqeM4AAR8N
Contao Core directory traversal vulnerability
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00N2g2LWhmcHYtN3Boas4AAilz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04YzVwLTQzNjItOTMzM80W8w
Path traversal in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4angtNjZwOC12Y20y
SQL injection in pimcore/pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nbWc1LWYyZ20tcDNoN83zug
Bolt Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dnZoLXhxcTQtdzc3N83zUg
Mautic Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqeHctY2ZyaC1qeHE2
Cachet vulnerable to new line injection during configuration edition
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3NHAtNzJqNy12N2My
Phar object injection in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1aDgtcGM2aC1qdnZ4
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1td2g2LWc5d3gteGN4M84AAs4o
Unrestricted Upload of File with Dangerous Type in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OWd3LXY1cGgtNnZ4cc4AAT7T
Code Injection in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yMzQyLXZqYzQtd3Jtas3_CA
Craft CMS PHP Code Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcTdmLWNxNnEtOTR4aM4AAs5P
Cross-Site Request Forgery in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1neDZ2LTY3cXYtcmh4Nc4AAs4q
Code injection in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1meDM3LTU2djYtODVxNs4AAjos
Silverstripe CSRF Protection Bypass via GraphQL
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNTd3LTlxMjgtajZ2N84AAU6V
phpMyFAQ CSRF
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS04d2ozLWNwbXItOHdocM4AAuBb
Cockpit Content Platform vulnerable to 2FA bypass
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OWYtcDU2Zy1nNzV2
SQL Injection in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS01bXYyLXJ4M3EtNHcyds0pgA
Code injection in Twig
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zanJqLXg2Y2otOTdjcM4AAqu3
Moodle contains CSRF vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2cGgtcDYzNC12cnFm
Command Injection in RaspAP 2.6.6
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qcmp4LThnbXctamoycc4AAimQ
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05ZnFjLTljcHItdzczcc4AAxav
froxlor is vulnerable to privilege escalation from customer to root via directory-options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yY3JjLTV2cTYtMzg2cs4AAilI
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNzgzLWdqNm0tOXI4OM4AAilu
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05OTg2LTZtNGctMjVmNs4AAW42
Dolibarr SQL injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cmdwLTNwaDYtMnd3cc03dQ
SQL Injection in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2