Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Moderate

GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB

CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

Moderate

GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA

CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

Moderate

GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_

CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

High

GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-

CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

Moderate

GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9

CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

Moderate

GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6

CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago

Critical

GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy

CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 16 days ago

High

GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9

CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

High

GSA_kwCzR0hTQS1nMnZ4LTh2NDctNHZoaM4AAgCu

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1yN3A2LWZyM3gtcjg3N84AAfus

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB

CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

High

GSA_kwCzR0hTQS01NTZxLWg0dnItcGdoMs4AAV_g

CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

High

GSA_kwCzR0hTQS1qOHAzLThtNjktMmhxcc4AAVTw

CakePHP allows remote attackers to spoof their IP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1ydzczLXhtcHYtajV4Ms2NbQ

CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg

Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy

Cross-Site Request Forgery in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 12 months ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocngtaGNtNi1wbXJ3

Unsafe deserialization in SmtpTransport in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: about 3 years ago

Filter by Severity

Moderate 4,475 High 4,156 Critical 1,894 Low 621

Filter by Ecosystem

maven 3,466 npm 2,960 pypi 2,374 packagist 1,397 go 942 nuget 901 rubygems 640 cargo 575 hex 21 actions 6 pub 4

Filter by Package

microweber/microweber 68 pimcore/pimcore 44 shopware/platform 40 typo3/cms-core 38 showdoc/showdoc 36 shopware/core 31 librenms/librenms 30 snipe/snipe-it 28 moodle/moodle 25 remdex/livehelperchat 22 dolibarr/dolibarr 21 typo3/cms 18 mautic/core 18 concrete5/concrete5 17 cakephp/cakephp 17 shopware/shopware 17 thorsten/phpmyfaq 16 yetiforce/yetiforce-crm 16 silverstripe/framework 16 baserproject/basercms 15 pocketmine/pocketmine-mp 15 craftcms/cms 14 symfony/symfony 14 grumpydictator/firefly-iii 13 tribalsystems/zenario 13 froxlor/froxlor 13 phpmailer/phpmailer 12 getkirby/cms 12 openmage/magento-lts 12 forkcms/forkcms 12 feehi/feehicms 11 intelliants/subrion 11 getgrav/grav 11 francoisjacquet/rosariosis 11 drupal/core 11 contao/core-bundle 10 october/system 10 centreon/centreon 9 concrete5/core 9 kevinpapst/kimai2 9 ssddanbrown/bookstack 8 topthink/framework 8 sylius/sylius 8 facturascripts/facturascripts 8 elefant/cms 8 impresscms/impresscms 8 magento/community-edition 7 ezsystems/ezpublish-kernel 7 october/cms 7 feehi/cms 7 october/backend 7 codeigniter4/framework 7 laravel/framework 7 simplesamlphp/simplesamlphp 6 guzzlehttp/guzzle 6 smarty/smarty 6 pterodactyl/panel 6 prestashop/prestashop 5 ezsystems/ezplatform-kernel 5 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 backdrop/backdrop 5 dompdf/dompdf 5 yourls/yourls 5 sulu/sulu 5 phpmyadmin/phpmyadmin 5 bottelet/flarepoint 5 symfony/security-http 5 pear/archive_tar 4 directmailteam/direct-mail 4 flarum/core 4 bolt/bolt 4 ezsystems/ezplatform-admin-ui 4 nukeviet/nukeviet 4 idno/known 4 pagekit/pagekit 4 symfony/http-foundation 4 symfony/http-kernel 4 tinymce 4 TinyMCE 4 tinymce/tinymce 4 wallabag/wallabag 4 cachethq/cachet 4 bytefury/crater 4 typo3/cms-form 3 elgg/elgg 3 spatie/browsershot 3 prestashop/productcomments 3 illuminate/database 3 notrinos/notrinos-erp 3 sylius/resource-bundle 3 symfony/security 3 enshrined/svg-sanitize 3 nystudio107/craft-seomatic 3 ibexa/core 3 nilsteampassnet/teampass 3 silverstripe/assets 3 wwbn/avideo 3 phpoffice/phpspreadsheet 3 twig/twig 3 composer/composer 3 icecoder/icecoder 3 shopware/storefront 3 rudloff/alltube 3 oro/platform 3 facade/ignition 3 gilacms/gila 3 shopxo/shopxo 2 ezsystems/ezplatform-rest 2 miniorange/miniorange-saml 2 yoast-seo-for-typo3/yoast_seo 2 exceedone/laravel-admin 2 exceedone/exment 2 lavalite/cms 2 yiisoft/yii2-dev 2 anchorcms/anchor-cms 2 erusev/parsedown 2 squizlabs/php_codesniffer 2 croogo/croogo 2 billz/raspap-webgui 2 modx/revolution 2 ptrofimov/beanstalk_console 2 symfony/framework-bundle 2 latte/latte 2 symfony/security-bundle 2 alextselegidis/easyappointments 2 october/october 2 studio-42/elfinder 2 silverstripe/graphql 2 getkirby/panel 2 laravel/laravel 2 symfony/cache 2 typo3/html-sanitizer 2 buddypress/buddypress 2 dweeves/magmi 2 silverstripe/cms 2 badaso/core 2 protobuf 2 silverstripe/admin 2 ibexa/admin-ui 2 opencart/opencart 2 processwire/processwire 2 in2code/femanager 2 noumo/easyii 2 typo3/cms-backend 2 oro/commerce 2 october/rain 2 wintercms/winter 2 com.google.protobuf:protobuf-parent 2 Google.Protobuf 2 librenms 2 unisharp/laravel-filemanager 2 league/commonmark 2 aheinze/cockpit 2 packbackbooks/lti-1-3-php-library 2 typo3fluid/fluid 2 verot/class.upload.php 2 cuyz/valinor 2 admidio/admidio 2 phpfastcache/phpfastcache 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 yiisoft/yii2-gii 2 helloxz/imgurl 2 drupal/drupal 2 filegator/filegator 2 neos/neos 2 s-cart/s-cart 2 ether/logs 2 bolt/core 2 privatebin/privatebin 2 grav 1 amazing/media2click 1 contao/managed-edition 1 vanilla/safecurl 1 livehelperchat/livehelperchat 1 automad/automad 1 swag/paypal 1 xataface/xataface 1 vova07/yii2-fileapi-widget 1 oneup/uploader-bundle 1 appwrite/server-ce 1 litespeed.js 1 laravel/fortify 1 pear/crypt_gpg 1 pwweb/laravel-core 1 joomla/archive 1 czproject/git-php 1 php-mod/curl 1 genix/cms 1 marcwillmann/turn 1 Sylius/Sylius 1 ectouch/ectouch 1 laminas/laminas-form 1 sylius/grid-bundle 1 mgallegos/laravel-jqgrid 1 lexik/jwt-authentication-bundle 1 yiisoft/yii 1 shopware/production 1 matyhtf/framework 1 melisplatform/melis-front 1 pocketmine/bedrock-protocol 1 melisplatform/melis-cms 1 bmarshall511/wordpress_zero_spam 1 statamic/cms 1 symfony/var-exporter 1 web-auth/webauthn-framework 1 yeswiki/yeswiki 1 fenom/fenom 1 open-web-analytics/open-web-analytics 1 t3/dce 1 hillelcoren/invoice-ninja 1 netgen/tagsbundle 1 snipe-it 1 gaoming13/wechat-php-sdk 1 bassjobsen/bootstrap-3-typeahead 1 wpanel/wpanel4-cms 1 socialiteproviders/steam 1 silverstripe/subsites 1 ibexa/graphql 1 symfony/phpunit-bridge 1 bootstrap-3-typeahead 1 simplesamlphp/simplesamlphp-module-openid 1 area17/twill 1 phpservermon/phpservermon 1 yii2mod/yii2-cms 1 s-cart/core 1 luyadev/yii-helpers 1 harvesthq/chosen 1 silverstripe/hybridsessions 1 wp-graphql/wp-graphql 1 sylius/paypal-plugin 1 fluidtypo3/vhs 1 tobiasbg/tablepress 1 andreapollastri/cipi 1 silverstripe/versioned-admin 1 DotNetCasClient 1 doctrine/dbal 1 symfony/serializer 1 silverstripe/silverstripe-omnipay 1 mojo42/jirafeau 1 simplito/elliptic-php 1 guzzlehttp/psr7 1 jasig/phpcas 1 orchid/platform 1 zendframework/zend-http 1 arc/web 1 org.jasig.cas:cas-client 1 james-heinrich/getid3 1 brotkrueml/typo3-matomo-integration 1 phpunit/phpunit 1 brotkrueml/schema 1 krayin/laravel-crm 1 topthink/thinkphp 1 phpmyfaq/phpmyfaq 1 gos/web-socket-bundle 1 symfont/process 1 thinkcmf/thinkcmf 1 phpmussel/phpmussel 1 symfony/security-guard 1 api-platform/core 1 cakephp/database 1 prestashop/ps_emailsubscription 1 topthink/think 1 terminal42/contao-tablelookupwizard 1 limesurvey/limesurvey 1 simplesamlphp/simplesamlphp-module-openidprovider 1 symfony/mime 1 liftkit/database 1 adminer 1 barryvdh/laravel-translation-manager 1 typo3/phar-stream-wrapper 1 kitodo/presentation 1 friendsoftypo3/mediace 1 barrelstrength/sprout-forms 1 symfony/security-core 1 mittwald/typo3_forum 1 barrelstrength/sprout-base-email 1 neoan3-apps/template 1 cardgate/magento2 1 catfan/medoo 1 neorazorx/facturascripts 1 codeception/codeception 1 derhansen/sf_event_mgt 1 islandora/islandora 1 woocommerce/woocommerce 1 hjue/justwriting 1 wanglelecc/laracms 1 nette/application 1 mezzio/mezzio-swoole 1 flarum/tags 1 zendframework/zend-diactoros 1 hyn/multi-tenant 1 symfony/proxy-manager-bridge 1 laminas/laminas-diactoros 1 froala/wysiwyg-editor 1 prestashop/ps_linklist 1 spipu/html2pdf 1 flarum/mentions 1 rankmath/seo-by-rank-math 1