Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0yNXE2LW00MjUtOWZxcs4AAtuW
Feehi CMS Cross-site Scripting
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qeGc5LTJjaDctZjU1Ms4AAttV
Feehi CMS arbitrary code execution via crafted PHP file
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ODM0LXh2NXEtY2dmd84AAtr2
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Mjc0LWg1anAtOTd2cs4AAtr1
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Ecosystems: packagist
Packages: laminas/laminas-diactoros
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MndoLW00anItMjMzcs4AAtoK
Moodle LTI module reflected XSS risk
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14cDJmLTlteDMtM2M2cM4AAtoC
Moodle PostScript Code Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNDN2LTVwZmYtcXFmas4AAtoG
Moodle Open redirect risk in mobile auto-login feature
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d3Y3LWg0Nzctd3J2N84AAtoF
Moodle Stored XSS and blind SSRF possible via SCORM track details
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wZ201LWNyNjItcHJ4cc4AAtoJ
Moodle Arbitrary file read when importing lesson questions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14ZzcyLTZjODMtZ2hoNM4AAtmg
Microweber Stored Cross-site Scripting before v1.2.20
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZmNnLTJxZ3ItdjI0M84AAtly
Microweber before 1.2.21 vulnerable to reflected XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Ecosystems: packagist
Packages: islandora/islandora
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cWo4LTZ4eGotaHA5aM4AAtdJ
Dompdf before v2.0.0 vulnerable to chroot check bypass
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd3ZmLTI4ZmctZzR4Z84AAtcS
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xMzdoLWpoZjMtODVjas4AAtaC
Bypass of CMS Safe Mode Security Feature
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cDczLXFnMnYtMzgzaM4AAtZ_
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Ecosystems: packagist
Packages: packbackbooks/lti-1-3-php-library
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NjhtLTV3MzQtMnhmNc4AAtZ-
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Ecosystems: packagist
Packages: packbackbooks/lti-1-3-php-library
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Zjg1LTNmOHEtcWM5NM4AAtZ6
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ycHhnLWhnNzktaDhxOc4AAtZ0
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Ecosystems: packagist
Packages: in2code/lux
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djdoLWNwYzItcjhqcM4AAtX7
October CMS upload process vulnerable to RCE via Race Condition
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jOGYyLTVoMjktOGoyaM4AAtVQ
libconnect Extension for Typo3 Vulnerable to XSS
Ecosystems: packagist
Packages: subhh/libconnect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cGdtLTNqM2ctMnJjN84AAtUL
Valinor error messages leading to potential data exfiltration before v0.12.0
Ecosystems: packagist
Packages: cuyz/valinor
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05d3FyLTk3ODctcDRyZs4AAtSg
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWgzLXg1dzctamc1bc4AAtKq
Microweber before v1.2.20 vulnerable to cross-site scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNjg4LTdqM2MtaDlmM84AAtKi
Known v1.3.1 Cross-site Scripting
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00djRwLTg3bTMtNTQyM84AAtKh
Known v1.3.1 contains Insecure Direct Object Reference
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01amdqLWg5d3AtNTNmcs4AAtKk
Known vulnerable to code execution via SVG file in v1.3.1
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNzU3LTR2M3Atajc0Zs4AAtKj
Known vulnerable to account takeover via host header injection attack in v1.3.1
Ecosystems: packagist
Packages: idno/known
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14d3F4LXgzOGMtY3c5Nc4AAtJv
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13ODJ4LXhqanItY2pyNc4AAtJP
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNm1wLTU2MngtZ2d2ds4AAtGX
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cGcyLXFnODctdm1qN84AAtFk
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMzc3LXg4cmctYzltZs4AAtCY
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MzdqLTVxYzMtYzU4Oc4AAtCQ
Open Redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jeGd3LXI1amctN3h3cc4AAtB6
Code injection in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NjhnLTYydjktMzl3Nc4AAtB1
Unpublished, protected files can be published via shortcode
Ecosystems: packagist
Packages: silverstripe/assets
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz
Stored XSS via HTML fields in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3E4LW00eHctYzY3NM4AAtBx
Hybridsessions does not expire session id on logout
Ecosystems: packagist
Packages: silverstripe/hybridsessions
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcjZtLWYzZ3YtODY3OM4AAtBd
Cross-site Scripting in admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wZjZwLTI1cjItZng0Nc4AAtBR
Server-Side Request Forgery in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yangzLTVqOXYtcHJwcM4AAs_N
BlockWishList SQL Injection vulnerability
Ecosystems: packagist
Packages: prestashop/blockwishlist
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zanhoLTY2MzUtNmp3cM4AAs93
Path traversal in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMnd3LTZ3djYtdnczY84AAs-f
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02eGM0LTdmbW0tNjVxMs4AAs-a
Code injection in concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDk2LW00MnYtaHZoNc4AAs6_
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ndm1mLXdjeDYtcDk3NM4AAs60
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzU0LXZ3YzQtcDZxas4AAs6z
Authenticated Stored Cross-site Scripting in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wbTM3LTVqNW0tNmN2d84AAs6P
Cross-site Scripting in NukeViet CMS
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12ODI5LWo5cnItODV2Oc4AAs5j
Cross-site Scripting in krayin/laravel-crm
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xNTU5LThtMm0tZzY5Oc4AAs5c
Change in port should be considered a change in origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yNW1xLXY4NHEtNGo3cs4AAs5X
CURLOPT_HTTPAUTH option not cleared on change of origin
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14d2o3LTI5ajctcnc3Ns4AAs5R
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wcTdmLWNxNnEtOTR4aM4AAs5P
Cross-Site Request Forgery in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjdnLThxM3gtanB4Oc4AAs5A
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NDUzLWcyOTUtMjRtaM4AAs5Q
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01aGZtLWc3OTktd2p3Ns4AAs5N
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1td2g2LWc5d3gteGN4M84AAs4o
Unrestricted Upload of File with Dangerous Type in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1neDZ2LTY3cXYtcmh4Nc4AAs4q
Code injection in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yN2czLTU4djQtZmc5d84AAs4k
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ndnh2LXA5cnYtZ21jZ84AArta
brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting
Ecosystems: packagist
Packages: brotkrueml/typo3-matomo-integration
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNzR3LWd3cXItZm14Z84AArtY
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
Ecosystems: packagist
Packages: brotkrueml/schema
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d2p3LXIzZ2otMzlmcc4AArtR
Insufficient Session Expiration in TYPO3's Admin Tool
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNG14LXh2OTYtMmpnbc4AArtQ
Cross-Site Scripting in TYPO3's Frontend Login Mailer
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcjk1LTIzanAtbWh2Z84AArtP
Cross-Site Scripting in TYPO3's Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1maDk5LTRwZ3ItOGo5Oc4AArtO
Insertion of Sensitive Information into Log File in typo3/cms-core
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Z212LTlod2ctdzg5Z84AArtN
Information Disclosure via Export Module
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12MjVjLTgzNDktdjJxM84AArk5
Incorrect Authorization in thinkcmf
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ZnZyLTc5NDUtbWc3d84AArio
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zcHF2LTZwbTMtZzQ2as4AArjO
SQL Injection in RosarioSIS
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcDc2LWYyOTktdjNoas4AAri9
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNndtLW1yODUtNGg5Z84AArjb
Cross site scripting in facturascripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02aGpjLW0zOGgtN2poaM4AArgg
Cross-site Scripting in SEOmatic plugin
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nN3hyLXY4MnctcWdncc4AArga
Code Injection in SEOmatic
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qdnE0LWNnZnctamdmNM4AArgU
Cross site scripting in intelliants/subrion
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOGM3LTNqcHEtODk4Nc4AArep
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00aHByLWhoNzctNnE5cM4AArfW
Cross site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mMndmLTI1eGMtNjljOc4AAreO
Failure to strip the Cookie header on change in host or HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13MjQ4LWZmajItNHY1cc4AAreN
Fix failure to strip Authorization header on HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13amg5LTM0NGctdmM0Oc4AArdi
Cross-site Scripting in RosarioSIS
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mMmc1LTQyNmYtMzUzcc4AArc_
Cross-site Scripting in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDN3LXZjangtNzc5Ns4AAra1
Cross-Site Request Forgery in easyii CMS
Ecosystems: packagist
Packages: noumo/easyii
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mcXgzLXI3NWgtdmM4Oc4AArad
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yN2p3LW1nMjctajgzOc4AArZO
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yM2YyLXZncjYtZnd2N84AArWl
Command injection in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ3FnLTJyZzctZ2gzM84AArWh
Cross site scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03bTloLXY2OHctcGZ3M84AArUp
Neos CMS vulnerable to XSS in various backend modules
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yeDR2LWc4Y3gtanhycc4AArUC
Login timing attack in ibexa/core
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14ZnFnLXA0OGctaGg5NM4AArUB
Login timing attack in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNDJjLXZjZmYtMmZmMs4AArUA
Login timing attack in ezsystems/ezplatform-kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mbTUzLW1wbXAtN3F3Ms4AArNK
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
Ecosystems: packagist
Packages: fof/upload
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wanBjLTg3bXAtNDMzMs4AArNG
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1najk0LXY0cDktdzY3Ms4AArNE
Denial-of-service vulnerability processing large chat messages containing many newlines
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02MzR4LXBjM3EtY2Y0Y84AArNC
PHP Code Injection by malicious block or filename in Smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZnhmLTRmcnItOWozcc4AArNB
XSS in various backend modules due to (un)escaping in JS notification module
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jd214LWhjcnEtbWhjM84AArM4
Cross-domain cookie leakage in Guzzle
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ycmp2LTM0cDUtNGM3cs4AArMw
SQL injection in helloxz/imgurl
Ecosystems: packagist
Packages: helloxz/imgurl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,811 pypi 3,712 npm 3,543 go 1,896 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 simplesamlphp/simplesamlphp 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 ezsystems/ezpublish-kernel 14 smarty/smarty 14 impresscms/impresscms 13 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 october/system 13 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 phpmyfaq/phpmyfaq 12 feehi/feehicms 11 feehi/cms 11 zendframework/zendframework 11 silverstripe/cms 11 sylius/sylius 10 wwbn/avideo 10 admidio/admidio 10 opencart/opencart 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 wallabag/wallabag 10 laravel/framework 10 ezsystems/ezplatform-kernel 10 pagekit/pagekit 10 tinymce 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 concrete5/core 9 TinyMCE 9 alextselegidis/easyappointments 9 october/october 9 kevinpapst/kimai2 9 tinymce/tinymce 9 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 croogo/croogo 8 symfony/http-foundation 7 wpglobus/wpglobus 7 silverstripe/graphql 7 flarum/core 7 statamic/cms 7 silverstripe/admin 7 pterodactyl/panel 7 october/backend 7 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 dweeves/magmi 6 yiisoft/yii2-dev 6 guzzlehttp/guzzle 6 bagisto/bagisto 6 yourls/yourls 6 in2code/femanager 6 contao/core 6 gleez/cms 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 backdrop/backdrop 6 vrana/adminer 5 phpxmlrpc/phpxmlrpc 5 symfony/security-core 5 ibexa/core 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ezsystems/ezplatform-admin-ui 5 billz/raspap-webgui 5 pear/archive_tar 5 gugoan/economizzer 5 bottelet/flarepoint 5 anchorcms/anchor-cms 5 typo3/cms-install 5 phpseclib/phpseclib 5 oro/platform 5 idno/known 4 wintercms/winter 4 woocommerce/woocommerce 4 typo3/cms-frontend 4 notrinos/notrinos-erp 4 evolutioncms/evolution 4 bytefury/crater 4 codeigniter4/shield 4 typo3/html-sanitizer 4 oro/commerce 4 symfony/security-bundle 4 wp-premium/gravityforms 4 modx/revolution 4 spatie/browsershot 4 bref/bref 4 magento/product-community-edition 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/dolibarr/dolibarr 10 https://github.com/top-think/framework 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/tinymce/tinymce 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/wintercms/winter 6 https://github.com/gleez/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/ibexa/core 5 https://github.com/jbroadway/elefant 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/composer/composer 5 https://github.com/zendframework/zf1 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/phpseclib/phpseclib 5 https://github.com/nukeviet/nukeviet 5 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/brefphp/bref 4 https://github.com/screetsec/VDD 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/kimai/kimai 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/oroinc/crm 3 https://github.com/PrestaShop/productcomments 3 https://github.com/modxcms/revolution 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/facade/ignition 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/pixelfed/pixelfed 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/liufee/feehicms 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2