Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3
Statamic CMS remote code execution via front-end form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03MngyLTVjODUtNndtcs4AA3Cz
Symfony potential Cross-site Scripting in WebhookController
Ecosystems: packagist
Packages: symfony/symfony, symfony/webhook
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx
Symfony possible session fixation vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mbTVoLTU4ZzItNG0zZs4AA3Bj
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNXhmLWd2ODktZzQyMs4AA3Bq
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yNmZnLXYzMnItaDY2M84AA3Bo
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01Y3Z4LWN3cHgtOXJqaM4AA3Br
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05Z3FwLTNnMjgtdzl4Y84AA3B4
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yOGdjLTRxcTUtOHEyNs4AA3Bi
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04bW0yLW0yZ3AtYzZ4Ms4AA3Bn
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
High
GSA_kwCzR0hTQS13OHgyLXc0cXItdjN4NM4AA3Bg
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04M2oyLXFoeDItcDdqY84AA2_W
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerability
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05Y3c5LW03aGctdzhtZs4AA24o
Reportico Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qZnh3LTZjNXYtYzQyZs4AA22R
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1yOWNtLXB3OWotM2ZweM4AA21l
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00OHYyLTU5NngtNGpyOc4AA21m
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02ZjU4LWozMjMtNjQ3Ms4AA21F
pimcore/admin-ui-classic-bundle Unverified Password Change
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNTl2LWhoNHAtcTkybc4AA20D
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1nNWhwLTMyOGgtamo5OM4AA2zj
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1mNzI4LXByaHctMmc2OM4AA2zm
Insufficient Session Expiration in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zNHc0LXdycXAtajQ3Z84AA2zk
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03cTVmLTI5Z3gtNTdmZs4AA2zg
Cross-site Scripting (XSS) in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNHZqLXc1cmotOGdyd84AA2zi
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05cGpmLWp3OXEtZng0Oc4AA2xF
Cross-site Scripting (XSS) in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1oOTJtLTRnOW0tNzJ2cs4AA2wi
juzawebCMS Injection vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1obXFqLWd2Mm0taHE1Nc4AA2uW
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04Zzg3LTczdnEtNDQzcM4AA2p7
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00cXY2LTM3eHEtbWdxMs4AA2oD
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00MzJmLTk2N2YtdnhnNM4AA2k2
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw
Subrion CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01aDQ3LTlybTUtZngzZs4AA2ks
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjQyLW1oMjctOGo2bc4AA2gW
MantisBT may disclose project names to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 months ago
High
GSA_kwCzR0hTQS12MjN3LXBwcG0tamg2Ns4AA2gU
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcjZoLTd4Mm0tcmdtcc4AA2dG
SQL injection in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jdnd2LWg4NW0tdzM3aM4AA2b7
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNWhxLTZmcmMtNjR2M84AA2bd
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zM3ZqLXI2cDYteDRwOM4AA2YJ
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yamM2LTNmaGotOHE4NM4AA2Xx
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13cnAyLTZ2NmotaGZtZ84AA2Uj
ConcreteCMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1ycjVjLTY5YzktZ2o5Zs4AA2R6
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02Y3h2LTI3cjItZnAzbc4AA2RX
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00MzdwLWpmbTQtMjM4N84AA2RU
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tcjR3LTd2bTktY2dxeM4AA2RT
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qNmg1LWdndjItM3Jmds4AA2RP
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02Zm0zLXI2bWYtajg3Nc4AA2RQ
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02eHg3LXI4eDQtZnBqcM4AA2RS
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wNGpqLWd3cGctOWp3aM4AA2RR
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05M2o0LXY4MzgtODc2N84AA2Pm
TYPO3 extension femanager Broken Access Control vulnerability
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01NmZtLWhmcDMteDN3M84AA2MC
Wallabag user can disable 2FA unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zOW0zLWNqOGMtODg2cs4AA2Kn
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yNjU3LTN3cWgtZzJ4Oc4AA2Jx
Microweber uses hard coded credentials
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xY2pnLWh2ZzYtaHhjcM4AA2Ju
phpMyFAQ allows unrestricted file types in image field
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1qNXd3LTV4ZjQtaHFtMs4AA2J0
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01and2LW04aDMtNjljZ84AA2Jw
phpMyFaq Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 8 months ago
High
GSA_kwCzR0hTQS1qbTZtLTQ2MzItMzZoZs4AA2Jg
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1ndnJnLTYyanAtcmY3as4AA2H_
PrestaShop allows employee without any access rights to list all installed modules
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03dmZmLXJ2MmYtY2o3Oc4AA2H8
Subrion CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 8 months ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1wcTk4LTZoZjYtM3JqM84AA2Hc
Economizzer remote code execution vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nYzk1LTVtbXAtbXA2as4AA2Hg
Economizzer vulnerable to Clickjacking
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1ocXA5LW1yanctN3FxMs4AA2He
Economizzer host header injection vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oM3FmLXY2OHItMzVqZ84AA2Hl
Economizzer user enumeration vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yZ2Y5LWo3Z3YtcnEyMs4AA2HZ
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wNzZqLWg0bTgtaHg1Y84AA2Gl
Pimcore Demo Allows GraphQL Introspection
Ecosystems: packagist
Packages: pimcore/demo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xODMyLTIyNzUtcmZxaM4AA2Dj
Subrion CMS XSS in /panel/configuration/financial/
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00dzJqLXdqOXEtNndweM4AA2GE
Subrion CMS Cross-site Scripting vulnerability in /panel/languages
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 8 months ago
High
GSA_kwCzR0hTQS12NGoyLWN3bW0teGc4Oc4AA2EH
OpenCart Path Traversal vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tOTg4LTczNzUtN2cyY84AA2Bx
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
High
GSA_kwCzR0hTQS03MjVtLXc4MzItcTk3M84AA1_U
Composer allows cache poisoning from other projects built on the same host
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2