Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1xN2c2LXhmaDItdmhweM4AA6Rq
phpMyFAQ stored Cross-site Scripting at user email
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wd2gyLWZwZnIteDVnZs4AA6Rp
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yZ3J3LW1jOXItODIycs4AA6Rn
phpMyFAQ SQL injections at insertentry & saveentry
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
phpMyFAQ Stored HTML Injection at contentLink
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Storefront user can access history and most viewed data from matching back-office user with the same ID
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS05eHZmLWNqdmYtZmY1cc4AA6Rg
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Ecosystems: packagist
Packages: johnbillion/wp-crontrol
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yd2h4LWNjcjctZnhxbc4AA6O9
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS00eHc4LTlmajctajU4as4AA6O_
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qNGhxLWY2M3gtZjM5cs4AA6O2
Slow String Operations via MultiPart Requests in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wdjlqLWM1M3EtaDQzM84AA6Oz
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Ecosystems: packagist
Packages: friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
Grav File Upload Path Traversal
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mNm1oLTc5dmgtMmh2N84AA6Os
Cross-site Scripting in Moodle Chat
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: swiftmailer/swiftmailer, friendsofsymfony1/swiftmailer, friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
High
GSA_kwCzR0hTQS14YzdqLXdqMzYtcWpmcs4AA5zL
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qcjgzLW0yMzMtZ2c2cM4AA5wF
Sulu grants access to pages regardless of role permissions
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14eGY4LWZwbXItZnc3ds4AA5ib
Subrion CMS vulnerable to SQL Injection
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xNHFoLThweHctcjQ4cc4AA5iX
Subrion CMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03cDdxLWZqZnctdjNnZs4AA5gw
Bagisto Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01N2YyLThwODktNjZ4Ns4AA5fI
Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cnZoLXJ2YzQtNW00M84AA5fH
Kirby vulnerable to unrestricted file upload of user avatar images
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zOG04LTVnZmMtNjYzZ84AA5c3
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
High
GSA_kwCzR0hTQS0zcXBxLTZ3ODktZjdteM4AA5Zp
Pimcore Host Header Injection in user invitation link
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1tY3FqLTdwMjktOTUyOM4AA5Zo
MantisBT Host Header Injection vulnerability
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in Torrentpier
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qZnJnLTlocHEtOWh2cM4AA5Xx
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jcDhtLWg3NzctZzRwM84AA5Xw
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy
Cross-Site Request Forgery in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 months ago
High
GSA_kwCzR0hTQS00ODdnLTNtM3YtaGpocc4AA5Xz
Uncontrolled Resource Consumption in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv
Improper Handling of Parameters in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
High
GSA_kwCzR0hTQS03ZjJ2LTU4NzctcngzeM4AA5Wz
Code injection in REDAXO
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 3 months ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ
Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cmY4LWNtcmctNzQzNs4AA5LY
Cross-site scripting (XSS) vulnerability in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1nY2dqLXFoOHAtNTdobc4AA5LF
October CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcmZyLW1wZmotMmp3cc4AA5JP
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aGhmLXhtY3ctcjN4Z84AA5Ei
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NjQ4LTZnOTYtbWczNc4AA5Eh
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04amMzLTVwMjktcWdqeM4AA5CY
PHPMailer Local file inclusion
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02aDc4LTg1djItbW1jaM4AA5CX
PHPMailer Shell command injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05OWY5LWd2NzItZnc5cs4AA4_1
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 4 months ago
High
GSA_kwCzR0hTQS12cXhxLWh2eHctOW12Oc4AA4_z
Statmic CMS vulnerable to account takeover via XSS and password reset link
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yOXc2LWM1MmctbThqY84AA49-
C5 Firefly III CSV Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 4 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2