Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist contao/core-bundle Security Advisories

Browse all Security Advisories for packagist contao/core-bundle

Loading...
Moderate
GSA_kwCzR0hTQS0yeHBxLXhwNmMtNW1nas4AA_md
Contao affected by insert tag injection via canonical URL
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00cDc1LTVwNTMtNjVtOc4AA_mc
Contao affected by directory traversal in the file selector widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 months ago
High
GSA_kwCzR0hTQS12bTZyLWo3ODgtaGpoNc4AA_mb
Contao affected by remote command execution through file upload
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00Z3ByLXA2MzQtOTIyeM4AA04d
Cross site scripting via input unit widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12cTU5LXg2bXEtNHdnd84AAhOk
Contao SQL injection in the file manager
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13MzhnLWhqNDUtbWpqcM4AAgjW
Contao SQL injection in the backend and listing module
Ecosystems: packagist
Packages: contao/listing-bundle, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tOHg2LTZyNjMtcXZqMs4AAgbl
Cross site scripting via canonical tag in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1od21oLTlqajktOGM5Y84AATmP
Contao CSRF Token Bypass
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12Y2dnLWhwNHItODdneM4AATl9
Contao Does Not Invalidate Existing Sessions When Password Changes
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS14NWc0LWNyeHEtcXhqeM4AAR8N
Contao Core directory traversal vulnerability
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qOTlnLXFqdngtOTk1Z83uwg
Contao Does Not Expire Tokens Correctly
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqNGotMjg3ai1mNzQy
Cross-site Scripting in Contao
Ecosystems: packagist
Packages: contao/core-bundle, contao/core, contao/contao
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyM2gteDZncS1ycWNw
Cross site scripting via HTML attributes in the back end
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxNW0tbXFteC1mdzZt
Privilege escalation via form generator
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2bXYtcHBqYy00aGdy
PHP file inclusion via insert tags
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OHYtYzZyZi1nOWY3
Cross site scripting in the system log
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjNDMtcXJycC05OGY1
Insert tag injection in the Contao login module
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtdmMtcWM1dy12NXFy
Information disclosure in the Contao backend
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDgtY2dybS1oaDhw
Unrestricted file uploads in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 5 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 contao/core-bundle 24 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 remdex/livehelperchat 23 tribalsystems/zenario 22 getkirby/cms 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 topthink/framework 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 symfony/security 17 francoisjacquet/rosariosis 17 opencart/opencart 17 genix/cms 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 openmage/magento-lts 16 typo3/cms-backend 16 october/system 15 symfony/security-http 15 ec-cube/ec-cube 15 smarty/smarty 15 feehi/cms 14 bolt/bolt 14 phpmailer/phpmailer 14 dompdf/dompdf 14 silverstripe/cms 14 studio-42/elfinder 13 sylius/sylius 13 lavalite/cms 13 impresscms/impresscms 13 admidio/admidio 13 pimcore/admin-ui-classic-bundle 13 elefant/cms 13 codeigniter4/framework 13 wwbn/avideo 12 phpmyfaq/phpmyfaq 12 symfony/http-foundation 12 phpoffice/phpspreadsheet 12 tinymce 11 wallabag/wallabag 11 TinyMCE 11 tinymce/tinymce 11 nukeviet/nukeviet 11 pagekit/pagekit 11 feehi/feehicms 11 ezsystems/ezplatform-kernel 11 october/october 10 ssddanbrown/bookstack 10 ezsystems/ezpublish-legacy 10 sulu/sulu 10 yiisoft/yii2 10 statamic/cms 9 concrete5/core 9 contao/core 9 kevinpapst/kimai2 9 bootstrap 9 alextselegidis/easyappointments 9 bootstrap 9 org.webjars:bootstrap 9 bootstrap 9 twbs/bootstrap 9 composer/composer 8 twig/twig 8 facturascripts/facturascripts 8 october/cms 8 codiad/codiad 8 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 pterodactyl/panel 8 silverstripe/admin 8 ezsystems/ezplatform-admin-ui 8 mantisbt/mantisbt 8 croogo/croogo 8 silverstripe/graphql 8 wpglobus/wpglobus 7 flarum/core 7 billz/raspap-webgui 7 passbolt/passbolt_api 7 bootstrap.sass 7 bootstrap-sass 7 backdrop/backdrop 7 symfony/http-kernel 7 october/backend 7 directmailteam/direct-mail 6 gleez/cms 6 yourls/yourls 6 bagisto/bagisto 6 icecoder/icecoder 6 oro/platform 6 pear/archive_tar 6 phpseclib/phpseclib 6 in2code/femanager 6 vrana/adminer 6 nystudio107/craft-seomatic 6 yiisoft/yii2-dev 6 guzzlehttp/guzzle 6 zoujingli/thinkadmin 6 dweeves/magmi 6 codeigniter/framework 5 gugoan/economizzer 5 bottelet/flarepoint 5 phpservermon/phpservermon 5 symfony/security-core 5 typo3/flow 5 typo3/cms-install 5 symfony/security-bundle 5 ibexa/core 5 illuminate/database 5 limesurvey/limesurvey 5 elgg/elgg 5 cachethq/cachet 5 silverstripe/assets 5 woocommerce/woocommerce 5 phpxmlrpc/phpxmlrpc 5 kimai/kimai 5 simplesamlphp/saml2 5 bootstrap-sass 5 mautic/core-lib 5 anchorcms/anchor-cms 5 neos/neos 5 neos/flow 5 thinkcmf/thinkcmf 5 evolutioncms/evolution 4 friendsofsymfony/user-bundle 4 shopware/storefront 4 pyrocms/pyrocms 4 ezsystems/ezplatform 4 notrinos/notrinos-erp 4 adodb/adodb-php 4 processwire/processwire 4 zendframework/zendopenid 4 bref/bref 4 bytefury/crater 4 codeigniter4/shield 4 idno/known 4 automad/automad 4 wintercms/winter 4 oro/commerce 4 wp-premium/gravityforms 4 sylius/resource-bundle 4 appwrite/server-ce 4 ezyang/htmlpurifier 4 reportico-web/reportico 4 modx/revolution 4 spatie/browsershot 4 magento/product-community-edition 4 shopxo/shopxo 4 typo3/cms-frontend 4 typo3/html-sanitizer 4 prestashop/productcomments 3 apache-solr-for-typo3/solr 3 typo3/phar-stream-wrapper 3 redaxo/source 3 django-tinymce 3 orchid/platform 3 ckeditor4 3 zendframework/zendservice-api 3 phenx/php-svg-lib 3 swiftmailer/swiftmailer 3 verbb/comments 3 facade/ignition 3
Filter by Repository
https://github.com/contao/contao 22