Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1nZnZmLTJmMjUtZjM0cs4AA8HD
Drupal Anonymous Open Redirect
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03ZjRmLXA3bXEtcDRmds4AA8HC
Drupal External URL injection through URL aliases leading to Open Redirect
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB
Drupal Content moderation Access bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS12anJnLXdwbTgtcmhyd84AA8HA
doctrine/orm Regression in Query Parenthesis can have Security Implications
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS05d3Y4LTNoOGgteDJ3Y84AA8G9
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Ecosystems: packagist
Packages: doctrine/doctrine-module
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 3 days ago
High
GSA_kwCzR0hTQS03Nnc4LW1xeDQtd2pyZs4AA8G8
Doctrine DBAL SQL injection possibility
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 3 days ago
Low
GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
Ecosystems: packagist
Packages: datadog/dd-trace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS13cTQzLThyNXAtdzNtY84AA8G6
contao/core PHP object injection vulnerability allows for arbitrary code execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS13eHh3LTVncTYtajJnNc4AA8G5
contao/core Insufficient input validation allows for code injection and remote execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
codeigniter/framework SQL injection in ODBC database driver
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xOWozLTRnaGotNmg1N84AA8GQ
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 3 days ago
High
GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
OpenCFP Framework (Sentry) Account takeover via null password reset codes
Ecosystems: packagist
Packages: cartalyst/sentry
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 3 days ago
High
GSA_kwCzR0hTQS1wZ2o0LWc1ajQtY21meM4AA8GO
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
Ecosystems: packagist
Packages: cart2quote/module-quotation-encoded
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00Y3YyLXhjNWYtcHg4aM4AA8GN
Denial of Service in extension "Code Highlight" (codehighlight)
Ecosystems: packagist
Packages: brotkrueml/codehighlight
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS02NXhoLWhoNzgtNjQ1NM4AA8GM
Denial of Service in extension "Code Highlight" (codehighlight)
Ecosystems: packagist
Packages: brotkrueml/codehighlight
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04djV4LTZ2djUtanY0Z84AA8GL
amphp/http Host Header Injection vulnerability
Ecosystems: packagist
Packages: amphp/http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1nbTk4LWcyd2YtN2M2OM4AA8GK
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
Ecosystems: packagist
Packages: amphp/artax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04anA5LW1wdjktOThyas4AA8GJ
amphp/http-client Header leakage on cross-domain redirects
Ecosystems: packagist
Packages: amphp/http-client
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04N21wLXhjNHgteDhyaM4AA8GI
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Ecosystems: packagist
Packages: asymmetricrypt/asymmetricrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0zMnJ4LXh2dnItNHh2Oc4AA8GH
easyadmin-extension-bundle action case insensitivity
Ecosystems: packagist
Packages: alterphp/easyadmin-extension-bundle
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1oNjNjLXh2cGYtMjY0as4AA8GG
ADOdb SQL injection vulnerability
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
Ecosystems: packagist
Packages: 3f/pygmentize
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 days ago
Critical
GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
High
GSA_kwCzR0hTQS1mOHY1LWptZmgtcHI2Oc4AA8GC
Grav Vulnerable to Arbitrary File Read to Account Takeover
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0ycTJmLWg4M3gtY3gzeM4AA8Ea
Reportico Web fails to invalidate cookies upon logout
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03cGpyLTJyZ2gtZmM1Z84AA8ES
Anonymous PrestaShop customer can download other customers' invoices
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 days ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0zNmc4LTYycXYtNTk1N84AA8EK
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1odzZjLTZnd3EtM20zbc4AA8EJ
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12Nm13LWg3dzYtNTl3M84AA8EI
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 4 days ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1mcXc3LTgzOWotaHZ4as4AA8DF
PHP Censor uses a weak hashing algorithm for the remember me key
Ecosystems: packagist
Packages: php-censor/php-censor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS12cGo4LXhmcWMtamN2Oc4AA79_
Cockpit CMS contains an arbitrary file upload vulenrability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS13Z3g3LWpwNTYtNjVtcc4AA74m
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS05OWpjLXdxbXItZmYycc4AA74l
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 5 days ago
High
GSA_kwCzR0hTQS05M3gzLW03cHctcHBxbc4AA74k
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS03cHJqLTljY3ItaHIzcc4AA74Y
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS12MmY5LXJ2Nnctdnc4cs4AA74X
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS14NTI1LTU0aGYteHI1M84AA74W
Blind XSS Leading to Froxlor Application Compromise
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS02cGptLWhtdmYtaDRycs4AA7wo
image-optimizer allows PHAR deserialization
Ecosystems: packagist
Packages: spatie/image-optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS05NjlmLXY3anYtcGdqM84AA7wL
ThinkPHP allows remote attackers to discover the PHPSESSION cookie
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1ocjJyLXc2d2MtMjVwds4AA7wE
Zenario uses Twig filters insecurely in the Twig Snippet plugin
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03cXdqLWdjamYtODI4Zs4AA7wF
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS0zODR3LXdmZnIteDYzcc4AA7v5
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zNDk0LWNmd2YtNTZod84AA7Wr
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
Ecosystems: packagist
Packages: mdanter/ecc, paragonie/ecc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01aGNyLWczMnAtaDc0Y84AA7WP
Lavalite CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS0ycGc2LXZ3OWMtcWhqds4AA7Ug
Passbolt API allows HTML injection
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Critical
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacks
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS12andnLTI4Z3YtcG04aM4AA7R7
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 24 days ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 25 days ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1tdzgyLTZtMmctcWg2Y84AA7PU
Sylius Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 26 days ago
High
GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 26 days ago
High
GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 26 days ago
High
GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1teDNwLWZocHcteDZyds4AA7NP
TCPDF vulnerable to Regular Expression Denial of Service
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
High
GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS02cHBnLXJncmctZjU3M84AA7ET
Dolibarr vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS13OGdmLWcydnEtajJmNM4AA6nf
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xamZ3LWN2amYtZjRmbc4AA6l3
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
Ecosystems: packagist
Packages: amphp/http-client, amphp/http
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wNzN4LXJwZ20tM3Y1Ns4AA6kj
Dolibarr ERP CRM Code Injection vulnerability during installation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaGY4LWY1dzktZzZ2aM4AA6i0
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Ecosystems: packagist
Packages: causal/oidc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01N3E1LWg2MjItM2NweM4AA6hD
UVDesk Community Helpdesk Improper Privilege Management
Ecosystems: packagist
Packages: uvdesk/core-framework
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qNHBjLXZxdmMtNHA5eM4AA6gs
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yajRnLXY0ZnYtcmh3Z84AA6g0
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yMnY3LXYzbWotcG04cs4AA6gq
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS02MjZyLWNqNDctcDQ5Z84AA6gu
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xanZtLXA1dmctNDM3Y84AA6gr
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jajNjLTV4cG0tY3g5NM4AA6dz
Kimai API returns timesheet entries a user should not be authorized to view
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS04cjVqLWdtM2otY3g5Y84AA6dB
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zOWZwLW1xbW0tZ3hqNs4AA6c_
CodeIgniter4 DoS Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2