Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwaDMtNDRyai05MnBy
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0yeDR2LWc4Y3gtanhycc4AArUC
Login timing attack in ibexa/core
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xM3E1LXF2aDUtY213Nc4AAz9T
liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS04eGY0LXc3cXctcGpqd802tA
Firebase PHP-JWT key/algorithm type confusion
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5Mmgtd21nMi02aHA3
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 56.1
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS12anEzLXgzZjItZnZ4cc4AATHt
Account takeover in facturascripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13OXBoLXE0aDktcndxNs4AAYu2
CodeIgniter and Kohana vulnerable to PHP Object Injection
Ecosystems: packagist
Packages: kohana/core, codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tOHhoLWNxYzItNXE2Zs02eQ
Type Confusion in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file upload
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yNmNtLXdnNDgtcmgycs0xCw
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Ecosystems: packagist
Packages: alextselegidis/easyappointments
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05OXIzLXhtbXEtN3E3Z84AAv0h
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4OHYtaHh4eC0ycmdo
Potential Code Injection in Sprout Forms
Ecosystems: packagist
Packages: barrelstrength/sprout-forms, barrelstrength/sprout-base-email
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1jNDQyLTMyNzgtcmhyZ80Vqg
Unrestricted File Upload in ShowDoc v2.9.5
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jcDJwLTZ4aDQtam1jcM4AAws8
nterchange Code Injection vulnerability
Ecosystems: packagist
Packages: nonfiction/nterchange
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnN2MtcTN2cS1yZ3hy
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS00Mjg2LWg0N2gtbTV2Ns0WtA
Showdoc File Upload Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGYtcWY5Zi01Zmd3
Remote code execution in zendframework and laminas-http
Ecosystems: packagist
Packages: laminas/laminas-http, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qN2c4LTNxcWctOGN2bc4AAUrm
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00NWhjLXI0ZmotcWo4Oc03vQ
SQL injection in pagekit/pagekit
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01NHA1LWd4cTYtajk4Z84AAj_C
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File Inclusion
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj
Unauthenticated remote code execution in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS13dmo1LXI3OHItaGhmcc4AAWjw
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNWMzLTNndmYtcThqNc4AAjbK
Dolibarr Improper Restriction of Excessive Authentication Attempts
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oaGcyLWc2aDYtYzI2Ns4AAid-
Yii SQL injection vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qNzh3LTZyNzMtMjJ2aM4AAUjj
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Ecosystems: packagist
Packages: fineuploader/php-traditional-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cmMtcngyNS04bTg2
Improper Input Validation in Symfony
Ecosystems: packagist
Packages: symfony/var-exporter, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yeDNyLTdqZ20tZ2g4eM4AAy--
Remote code execution in Voyager
Ecosystems: packagist
Packages: tcg/voyager
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jOHFjLWNwOHYtcHJweM4AAWYd
Centreon RCE Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoM3ItdnA0Ni04ZzIy
Code injection in topthink/think
Ecosystems: packagist
Packages: topthink/think
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12NTlwLXA2OTItdjM4Ms4AAig9
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zend-db, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wOWhwLTNncHYtNTJ3M84AAVUb
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qYzk0LXdwNTktcHE0Zs4AAT66
baserCMS SQL Injection vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3Z20tZjgzci12M3Fq
Improper Certificate Validation in WP-CLI framework
Ecosystems: packagist
Packages: wp-cli/wp-cli
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1xOXA0LXFmYzgtZnZwcM0Wdw
SQL Injection in medoo
Ecosystems: packagist
Packages: catfan/medoo
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 days ago
Critical
GSA_kwCzR0hTQS0zZmo0LXE3MngteDJnOc4AAbZb
ADOdb Library SQL Injection
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oMzRxLTg3OHctdzk2cs4AAUCK
Dolibarr SQL injection via the integer parameters qty and value_unit
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12eHI5LXAyeHctbThjZs4AAqpz
Dolibarr remote PHP code execution
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xNXJnLXdnN2gtNzNtNc4AAh_b
LibreNMS Information Disclosure
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jajJmLTk2anEtcGhwcM4AAV-a
Shopware RCE Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5Mm0taGhody12djl2
Code injection in codiad
Ecosystems: packagist
Packages: codiad/codiad
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1NzQtcXYzdy1mY21n
Deserialization of Untrusted Data in codeception/codeception
Ecosystems: packagist
Packages: codeception/codeception
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yN2M5LWM2OW0tcnBoOM02Aw
Code Injection in PHPUnit
Ecosystems: packagist
Packages: phpunit/phpunit
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14NTI1LTU0aGYteHI1M84AA74W
Blind XSS Leading to Froxlor Application Compromise
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS1yNmN3LTM1NmgtbXZ3Z84AAxkM
Code Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS13MnhmLTRnZzktODd3cs4AATSo
Centreon allows SNMP trap SQL Injection
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14dmhyLTdxNHEtcWpncM4AAW36
thinkphp SQL Injection via the index.php s parameter
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05djdtLWYzY3YtNjhyd84AAXmF
Dolibarr SQL injection vulnerability in comm/multiprix.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xdjVqLXJ3cTMtbTgyM84AAQF5
ThinkAdmin Administrator cookies still working after password change
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNXgtN214cC1ycDZq
Remote code execution via vulnerable Symphony dependecy injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnamMtMzMyYy04Y21j
SQL injection in phpMyAdmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxbTItZ3dxZi1yNWc1
SQL injection in TYPO3 extension
Ecosystems: packagist
Packages: ecodev/newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Nzg5LXY3NjctMzdyNc4AAXl_
Dolibarr SQL injection vulnerability in adherents/subscription/info.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1oeGN3LXBxcWMtcnY4Nc4AARuz
Anchor CMS Logs Credentials
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0ycGNqLTc2aGoteHFobc4AAb2x
CodeIgniter arbitrary code execution
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyajctNmh4bS04N3Az
Craft CMS Remote Code Injection
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qaGNmLWo0aGctdjY0cs4AAitC
Pimcore Access Control Issues
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocGoyLTRoZmotZzIzM84AAj0L
Fat-Free Framework arbitrary code execution
Ecosystems: packagist
Packages: bcosca/fatfree
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03NWZtLTUybW0tcTVybc4AAUy_
ThinkPHP SQL injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zcHg1LXdqaDMtOXg2cs4AArCb
Mautic stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00ajZ2LTM4OTUtOGcyas4AAg-f
silverstripe restfulserver and registry modules SQL injection vulnerability
Ecosystems: packagist
Packages: silverstripe/restfulserver, silverstripe/registry
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS13eHZyLXFxbTctNmg2Nc4AAkyU
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Ecosystems: packagist
Packages: verbb/knock-knock
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34
phpMyAdmin unsanitized Git information
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacks
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13cmh4LTNweHItNnZnZ84AAhPp
Wikimedia MediaWiki Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1waDYyLTg3Njgtcjg3ds0uqg
Arbitrary file delete in ectouch/ectouch
Ecosystems: packagist
Packages: ectouch/ectouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03N2oyLTd3aHItNnZweM4AAUzW
Elefant CMS Code Execution Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01NmdqLW12aDYtcnA3Nc4AAxd4
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1mNDZqLXI3cTMtNmNtMs4AAx9L
Moodle SQL Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 19 hours ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2