Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist contao/core-bundle Security Advisories

Loading...
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 4 months ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00Z3ByLXA2MzQtOTIyeM4AA04d
Cross site scripting via input unit widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12cTU5LXg2bXEtNHdnd84AAhOk
Contao SQL injection in the file manager
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13MzhnLWhqNDUtbWpqcM4AAgjW
Contao SQL injection in the backend and listing module
Ecosystems: packagist
Packages: contao/listing-bundle, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tOHg2LTZyNjMtcXZqMs4AAgbl
Cross site scripting via canonical tag in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1od21oLTlqajktOGM5Y84AATmP
Contao CSRF Token Bypass
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12Y2dnLWhwNHItODdneM4AATl9
Contao Does Not Invalidate Existing Sessions When Password Changes
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NWc0LWNyeHEtcXhqeM4AAR8N
Contao Core directory traversal vulnerability
Ecosystems: packagist
Packages: contao/core, contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qOTlnLXFqdngtOTk1Z83uwg
Contao Does Not Expire Tokens Correctly
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqNGotMjg3ai1mNzQy
Cross-site Scripting in Contao
Ecosystems: packagist
Packages: contao/core-bundle, contao/core, contao/contao
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyM2gteDZncS1ycWNw
Cross site scripting via HTML attributes in the back end
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxNW0tbXFteC1mdzZt
Privilege escalation via form generator
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2bXYtcHBqYy00aGdy
PHP file inclusion via insert tags
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OHYtYzZyZi1nOWY3
Cross site scripting in the system log
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjNDMtcXJycC05OGY1
Insert tag injection in the Contao login module
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtdmMtcWM1dy12NXFy
Information disclosure in the Contao backend
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDgtY2dybS1oaDhw
Unrestricted file uploads in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 4 years ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,559 High 6,707 Critical 2,930 Low 1,073
Filter by Ecosystem
maven 5,662 packagist 4,372 pypi 4,006 npm 3,637 go 2,075 nuget 1,467 rubygems 827 cargo 824 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 342 magento/community-edition 204 typo3/cms 174 pimcore/pimcore 117 dolibarr/dolibarr 112 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 85 drupal/drupal 76 thorsten/phpmyfaq 70 symfony/symfony 64 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 craftcms/cms 42 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 zendframework/zendframework1 34 snipe/snipe-it 33 shopware/shopware 30 mautic/core 30 getgrav/grav 29 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 mediawiki/core 24 zendframework/zendframework 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 getkirby/cms 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 contao/contao 18 symfony/security 17 ezsystems/ezpublish-kernel 17 genix/cms 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 opencart/opencart 17 topthink/framework 17 yetiforce/yetiforce-crm 16 october/system 15 smarty/smarty 15 ec-cube/ec-cube 15 openmage/magento-lts 15 symfony/security-http 14 phpmailer/phpmailer 14 typo3/cms-backend 14 silverstripe/cms 14 codeigniter4/framework 13 elefant/cms 13 bolt/bolt 13 lavalite/cms 13 impresscms/impresscms 13 dompdf/dompdf 12 phpbb/phpbb 12 sylius/sylius 12 studio-42/elfinder 12 phpmyfaq/phpmyfaq 12 tinymce 11 wwbn/avideo 11 TinyMCE 11 tinymce/tinymce 11 feehi/feehicms 11 ezsystems/ezplatform-kernel 11 pimcore/admin-ui-classic-bundle 11 symfony/http-foundation 11 feehi/cms 11 admidio/admidio 10 ezsystems/ezpublish-legacy 10 wallabag/wallabag 10 yiisoft/yii2 10 nukeviet/nukeviet 10 pagekit/pagekit 10 ssddanbrown/bookstack 10 funadmin/funadmin 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 contao/core 9 kevinpapst/kimai2 9 croogo/croogo 8 codiad/codiad 8 gilacms/gila 8 october/cms 8 silverstripe/admin 8 pimcore/customer-management-framework-bundle 8 composer/composer 8 sulu/sulu 8 statamic/cms 8 facturascripts/facturascripts 8 silverstripe/graphql 8 passbolt/passbolt_api 7 ezsystems/ezplatform-admin-ui 7 wpglobus/wpglobus 7 pterodactyl/panel 7 symfony/http-kernel 7 mantisbt/mantisbt 7 backdrop/backdrop 7 october/backend 7 flarum/core 7 yourls/yourls 6 vrana/adminer 6 phpseclib/phpseclib 6 guzzlehttp/guzzle 6 automad/automad 6 dweeves/magmi 6 gleez/cms 6 zoujingli/thinkadmin 6 bagisto/bagisto 6 in2code/femanager 6 directmailteam/direct-mail 6 yiisoft/yii2-dev 6 nystudio107/craft-seomatic 6 oro/platform 6 elgg/elgg 5 typo3/cms-install 5 symfony/security-core 5 cachethq/cachet 5 bottelet/flarepoint 5 simplesamlphp/saml2 5 neos/flow 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 phpservermon/phpservermon 5 twig/twig 5 billz/raspap-webgui 5 phpxmlrpc/phpxmlrpc 5 pear/archive_tar 5 woocommerce/woocommerce 5 neos/neos 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 typo3/flow 5 illuminate/database 5 codeigniter/framework 5 ibexa/core 5 appwrite/server-ce 4 kimai/kimai 4 sylius/resource-bundle 4 modx/revolution 4 notrinos/notrinos-erp 4 pyrocms/pyrocms 4 shopxo/shopxo 4 idno/known 4 wintercms/winter 4 symfony/security-bundle 4 evolutioncms/evolution 4 friendsofsymfony/user-bundle 4 adodb/adodb-php 4 bytefury/crater 4 typo3/html-sanitizer 4 spatie/browsershot 4 ezsystems/ezplatform 4 codeigniter4/shield 4 zendframework/zendopenid 4 wp-premium/gravityforms 4 bref/bref 4 magento/product-community-edition 4 typo3/cms-frontend 4 oro/commerce 4 processwire/processwire 4 shopware/storefront 4 limesurvey/limesurvey 3 symfony/form 3 amphp/http-client 3 qcubed/qcubed 3 joomla/framework 3 zendframework/zend-diactoros 3 apache-solr-for-typo3/solr 3 flarum/framework 3 froala/wysiwyg-editor 3 zendframework/zend-http 3 ckeditor4 3 facade/ignition 3 prestashop/productcomments 3 yiisoft/yii 3 doctrine/orm 3 typo3/cms-form 3 phenx/php-svg-lib 3 rudloff/alltube 3 enhavo/enhavo-app 3 zencart/zencart 3 privatebin/privatebin 3 icecoder/icecoder 3 pixelfed/pixelfed 3 reportico-web/reportico 3 verbb/comments 3 phpoffice/phpspreadsheet 3
Filter by Repository
https://github.com/contao/contao 19