Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: maven, pypi, go, packagist, nuget
Packages: com.google.protobuf:protobuf-java, protobuf, github.com/protocolbuffers/protobuf, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 111.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qd3Z3LXY3YzUtbTgyaM3tlQ
protobuf susceptible to buffer overflow
Ecosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yOGhtLXc1Zjctd2ozOc0Wzg
Cross-site scripting vulnerability in TinyMCE plugins
Ecosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqN20tZzUzbS03NjM4
Bootstrap Cross-site Scripting vulnerability
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, bootstrap
Source: GitHub Advisory Database
Blast Radius: 58.1
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1yN2M5LWM2OW0tcnBoOM02Aw
Code Injection in PHPUnit
Ecosystems: packagist
Packages: phpunit/phpunit
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5Mmgtd21nMi02aHA3
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 56.1
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1wZmc0LXA0MzgtcDg3NM4AAUJH
Laravel Framework Deserialization Vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 55.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wcjQ0LTRqZnItMjg2bc4AAYSU
Swift Mailer mail transport Command Injection
Ecosystems: packagist
Packages: swiftmailer/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 55.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmNDYtNXIyNS01d2Zt
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Ecosystems: packagist
Packages: league/flysystem
Source: GitHub Advisory Database
Blast Radius: 55.4
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj
Unauthenticated remote code execution in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS12aHJwLThxeDQtdnI2Y80XYA
Incorrect Access Control in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03aDI2LTYzbTctcWhmMs0XTw
HTML comments vulnerability allowing to execute JavaScript code
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd2otcHJwcS1qcGMy
Symfony Service IDs Allow Injection
Ecosystems: packagist
Packages: symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related data
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5Z3ItNThyMy1wd20z
Symfony Unsafe Cache Serialization Could Enable RCE
Ecosystems: packagist
Packages: symfony/symfony, symfony/cache
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 4 years ago
High
GSA_kwCzR0hTQS1xOGhnLXBmOHYtY3hyds02BA
Symfony Http-Kernel has non-constant time comparison in UriSigner
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NGgtNXIyNy03eDNy
RCE in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xdnFtLWgyMnItNGNwOc4AATUn
Laravel Framework RCE Vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2OHgtdnZxcS1wdncz
Ckeditor XSS Vulnerability
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, ckeditor
Source: GitHub Advisory Database
Blast Radius: 45.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS0zNWM1LTI4cGctMnFnNM4AAWke
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xODd2LXE4ZnctZ21qNc4AAgyh
Symfony Incorrect Access Control
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13dmo1LXI3OHItaGhmcc4AAWjw
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01bXYyLXJ4M3EtNHcyds0pgA
Code injection in Twig
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ
HTTP Proxy header vulnerability
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cmMtcngyNS04bTg2
Improper Input Validation in Symfony
Ecosystems: packagist
Packages: symfony/var-exporter, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 4 years ago
High
GSA_kwCzR0hTQS1jd214LWhjcnEtbWhjM84AArM4
Cross-domain cookie leakage in Guzzle
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01NmdqLW12aDYtcnA3Nc4AAxd4
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01aDlnLXg1cnYtMjV3Z80WrQ
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoaDYtOTU2cS00cTY5
Argument injection in a MimeTypeGuesser in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/mime, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS1xNTU5LThtMm0tZzY5Oc4AAs5c
Change in port should be considered a change in origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yNW1xLXY4NHEtNGo3cs4AAs5X
CURLOPT_HTTPAUTH option not cleared on change of origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2OHItNXA0NS01cnFw
Improper Input Validation in Laravel
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS14NzUyLXFqdjQtYzRoY804Ig
Remote code injection in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS02Mm0zLWZjN2YtanBwOM02AA
Parsedown Class-Name Injection
Ecosystems: packagist
Packages: erusev/parsedown
Source: GitHub Advisory Database
Blast Radius: 42.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04eGY0LXc3cXctcGpqd802tA
Firebase PHP-JWT key/algorithm type confusion
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwYzMtOTZteC13d2M4
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmMzctZ3h2aC0yM3Y2
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
High
GSA_kwCzR0hTQS1mMndmLTI1eGMtNjljOc4AAreO
Failure to strip the Cookie header on change in host or HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13MjQ4LWZmajItNHY1cc4AAreN
Fix failure to strip Authorization header on HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1NzQtcXYzdy1mY21n
Deserialization of Untrusted Data in codeception/codeception
Ecosystems: packagist
Packages: codeception/codeception
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS1nNGc3LXE3MjYtdjVoZ84AATux
Symfony CSRF Token Fixation
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wdzVjLXhxZjItNnhjMs4AAdEh
Doctrine Security Misconfiguration Vulnerability
Ecosystems: packagist
Packages: zfcampus/zf-apigility-doctrine, zendframework/zendframework, zendframework/zend-cache, doctrine/cache, aws/aws-sdk-php, zendframework/zendframework1, doctrine/mongodb-odm-bundle, doctrine/mongodb-odm, doctrine/orm, doctrine/common, doctrine/annotations
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1aDgtcGM2aC1qdnZ4
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1qbTZtLTQ2MzItMzZoZs4AA2Jg
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
High
GSA_kwCzR0hTQS03MjVtLXc4MzItcTk3M84AA1_U
Composer allows cache poisoning from other projects built on the same host
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1jd2htLTI3MnAtM3dqOc4AAXbQ
Yii Framework Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yiisoft/yii2-dev, yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scripting
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xOGo3LWZqaDctMjV2Nc3gFg
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/validator
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12dm1yLTg4MjktNndoeM0n8Q
CSRF token missing in Symfony
Ecosystems: packagist
Packages: symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS01Mm0yLXZjNG0tamozM84AAvIl
Twig may load a template outside a configured directory when using the filesystem loader
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ZmpxLXczY3ctaDVmcc4AAVUw
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wOWhwLTNncHYtNTJ3M84AAVUb
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 11 days ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGYtcWY5Zi01Zmd3
Remote code execution in zendframework and laminas-http
Ecosystems: packagist
Packages: laminas/laminas-http, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS12NTlwLXA2OTItdjM4Ms4AAig9
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zend-db, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qandqLXczZ2MtZ2N3NM4AAgU2
DOMPDF Remote Code Execution
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14N2NyLTZxcjYtMmhoNs0_nA
Missing input validation can lead to command execution in composer
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcmctMjloNy1oNGNq
XXE in PHPSpreadsheet due to encoding issue
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2d3YtaDY5bS13ZzZm
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3NHAtNzJqNy12N2My
Phar object injection in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: about 4 years ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mcnFnLTdnMzgtNmdjZs0WJQ
Improper escaping of command arguments on Windows leading to command injection
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xM2ozLXczN3gtaHEycc0YFQ
Webcache Poisoning in symfony/http-kernel
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04d2dqLTZ3eDgtaDVocc3r4Q
Symfony HTTP Foundation web cache poisoning
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01aHc0LW03ZjMtaGh4OM4AAvLl
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Ecosystems: packagist
Packages: spoonity/tcpdf, la-haute-societe/tcpdf, fooman/tcpdf, tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oY3E5LWhtZ2YtNnFyOc0_Sg
Drupal SQL Injection vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handling
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtanBxNy02YzU0
Insecure Deserialization of untrusted data in rmccue/requests
Ecosystems: packagist
Packages: rmccue/requests
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS0zaHh3LWc4NXAtcWd4bc4AAgp9
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
Ecosystems: packagist
Packages: typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13dmZ3LXczeDYtZzUyNs4AAToq
Silverstripe Framework SQLi Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2
Missing warning can lead to unauthenticated admin access in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: over 4 years ago
High
GSA_kwCzR0hTQS1nNHJnLXJ3NjUtOGhmZ84AAT6-
Symfony Session Fixation Vulnerability
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2