Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02NmMyLXA4cmgtcXg4N84AA5dj
baserCMS Cross-site Scripting vulnerability in Site search Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03N2ZjLTRjdjUtaG1mcs4AA5di
baserCMS OS command injection vulnerability in Installer
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zOG04LTVnZmMtNjYzZ84AA5c3
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1najQ4LXc3NHctOGd2bc4AA5cs
Path Traversal in TYPO3 Core
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xdjR4LXYydjQtZjhwOc4AA5cm
Kirby CMS HTML injection vulnerability
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FyLXFyNHgtajI3M84AA5bM
php-svg-lib lacks path validation on font through SVG inline styles
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
High
GSA_kwCzR0hTQS0zcXBxLTZ3ODktZjdteM4AA5Zp
Pimcore Host Header Injection in user invitation link
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1tY3FqLTdwMjktOTUyOM4AA5Zo
MantisBT Host Header Injection vulnerability
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in Torrentpier
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qZnJnLTlocHEtOWh2cM4AA5Xx
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv
Improper Handling of Parameters in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy
Cross-Site Request Forgery in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jcDhtLWg3NzctZzRwM84AA5Xw
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
High
GSA_kwCzR0hTQS00ODdnLTNtM3YtaGpocc4AA5Xz
Uncontrolled Resource Consumption in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 2 months ago
High
GSA_kwCzR0hTQS03ZjJ2LTU4NzctcngzeM4AA5Wz
Code injection in REDAXO
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 2 months ago
High
GSA_kwCzR0hTQS01dzJoLTU5ajMtOHg1d84AA5RL
TYPO3 Install Tool vulnerable to Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13NngyLWpnOGgtcDZtcM4AA5RJ
Path Traversal in TYPO3 File Abstraction Layer Storages
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
High
GSA_kwCzR0hTQS1yajN4LXd2YzYtNWo2Ns4AA5P4
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13Zjg1LThoeDktZ2o3Y84AA5P3
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oNDdtLTNmNzgtcXA5Z84AA5P2
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zOHIyLTU2OTUtMzM0d84AA5P0
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 2 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cmY4LWNtcmctNzQzNs4AA5LY
Cross-site scripting (XSS) vulnerability in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1nY2dqLXFoOHAtNTdobc4AA5LF
October CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcmZyLW1wZmotMmp3cc4AA5JP
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aGhmLXhtY3ctcjN4Z84AA5Ei
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NjQ4LTZnOTYtbWczNc4AA5Eh
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04amMzLTVwMjktcWdqeM4AA5CY
PHPMailer Local file inclusion
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS02aDc4LTg1djItbW1jaM4AA5CX
PHPMailer Shell command injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OWY5LWd2NzItZnc5cs4AA4_1
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
High
GSA_kwCzR0hTQS12cXhxLWh2eHctOW12Oc4AA4_z
Statmic CMS vulnerable to account takeover via XSS and password reset link
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yOXc2LWM1MmctbThqY84AA49-
C5 Firefly III CSV Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12ODlxLWMyNzMtM3A0Ms4AA48N
Craft CMS Audit Plugin Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: superbig/craft-audit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s
Arbitrary Code Execution in Processwire
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcnFnLW13aDctcTk0as4AA42m
Host header injection in the password reset
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1jd3g2LTR3bWYtYzZ4ds4AA42l
SQL Injection in Admin download files as zip
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qM202LWd2bTgtbWh2d84AA4ou
No permission checks for editing/deleting records with CSV import form
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xbTJqLXF2cTMtajI5ds4AA4oN
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qZ3BoLXc4cmgteGY1cM4AA4oM
View permissions are bypassed for paginated lists of ORM data
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zODY3LWpjNWMtNjZxZs4AA4if
Broken Access Control order API in Shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jOTYyLWc1MzMtODIzZs4AA4gW
Cross-site Scripting in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04bTVmLTJ4dnAtMmM4d84AA4Vk
WWBN AVideo recovery notification bypass vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12OTc3LWg0aG0tcnJmZs4AA4Vu
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbaility
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nMjczLXdwcHgtODJ3NM4AA4U0
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jMzhjLWM4bWgtdnE2OM4AA4Uz
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jeDk5LTI1aHItNWp4Zs4AA4Uy
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
Ecosystems: packagist
Packages: pimcore/ecommerce-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05M3A2LTljeHYtNXJwcc4AA4Rr
juzawebCMS Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12d3YyLTl3Y2otNjR2eM4AA4M1
Firefly III allows webhooks HTML Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12NmY0LWp3djktNjgyd84AA4Mo
class.upload.php allows cross-site scripting attacks via uploaded files
Ecosystems: packagist
Packages: verot/class.upload.php
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 4 months ago
High
GSA_kwCzR0hTQS02MjVnLWZtNXctdzd3NM4AA4Mn
Froxlor username/surname AND company field Bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNWc5LWo3cjQtNnF2eM4AA4L0
Craft CMS Privilege Escalation
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 months ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zcGZqLWc0d3ItcWozas4AA4J-
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS00dmY2LTJybXgtZmdxeM4AA4KC
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ycGp3LTk3cDgtcDJ4cM4AA4KA
Gila CMS SQL Injection
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xcDQyLTVwajctNGNjbc4AA4Bf
Concrete CMS Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01NTd2LXhjZzYtcm01bc4AA3_F
Potential URI resolution path traversal in the AWS SDK for PHP
Ecosystems: packagist
Packages: aws/aws-sdk-php
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00ajh3LXA2aHYtM3F4Y84AA3-Y
Cross-Site Request Forgery (CSRF) in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mcHBoLW1xYzgtaDZxNc4AA3-O
Unrestricted File Upload affecting automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xNXEzLXFtMjYtOWp3bc4AA3-T
Authenticated Blind SSRF in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS03ajloLWNoMzgtNDc0cs4AA398
Stored Cross-site scripting affecting automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04N2ZnLTl4NXctajNybc4AA371
MainWP Dashboard SQL Command Injection vulnerability
Ecosystems: packagist
Packages: mainwp/mainwp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02N2d2LXhydzctcDcyd84AA35i
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: phpsysinfo/phpsysinfo
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02MjVwLWp3Y3AtcjJyNc4AA35N
Corveda PHPSandbox Protection Mechanism Failure vulnerability
Ecosystems: packagist
Packages: corveda/phpsandbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ydzU0LTY4MjYtYzhqNc4AA34O
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13OHhqLTk5MmctODQyZs4AA33M
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00aDM3LXE1ajMtaHc5Ns4AA33O
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xamZ4LWZ2eDctM3d2d84AA3yi
Business Logic Errors in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qOGN3LXBwbXYtd2o4Nc4AA3v9
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
Ecosystems: packagist
Packages: t3s/content-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00eHA1LWhyMzUtODRjeM4AA3v8
Broken Access Control in extension "femanager"
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 4 months ago
Statistics
Advisories: 17,986
Packages: 8,213
Repositories: 577
Ecosystems: 12
Filter by Severity
Moderate 7,727 High 6,244 Critical 2,768 Low 965
Filter by Ecosystem
maven 5,513 packagist 3,612 pypi 3,543 npm 3,530 go 1,876 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
moodle/moodle 318 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 94 microweber/microweber 91 phpmyadmin/phpmyadmin 91 drupal/core 70 thorsten/phpmyfaq 70 typo3/cms-core 70 drupal/drupal 56 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 symfony/symfony 46 baserproject/basercms 43 showdoc/showdoc 40 nilsteampassnet/teampass 37 craftcms/cms 36 shopware/core 36 snipe/snipe-it 32 intelliants/subrion 31 froxlor/froxlor 28 mautic/core 28 silverstripe/framework 27 shopware/shopware 27 getgrav/grav 27 centreon/centreon 27 prestashop/prestashop 24 magento/core 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 22 getkirby/cms 22 forkcms/forkcms 18 tribalsystems/zenario 18 francoisjacquet/rosariosis 17 cakephp/cakephp 17 cockpit-hq/cockpit 17 yetiforce/yetiforce-crm 16 topthink/framework 15 contao/core-bundle 15 openmage/magento-lts 15 phpmailer/phpmailer 14 smarty/smarty 14 zendframework/zendframework1 14 typo3/cms-backend 14 october/system 13 elefant/cms 13 ezsystems/ezpublish-kernel 13 impresscms/impresscms 13 codeigniter4/framework 13 symfony/security 13 symfony/security-http 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 lavalite/cms 12 bolt/bolt 12 studio-42/elfinder 12 feehi/feehicms 11 contao/contao 11 zendframework/zendframework 11 feehi/cms 11 silverstripe/cms 11 ezsystems/ezplatform-kernel 10 admidio/admidio 10 wallabag/wallabag 10 wwbn/avideo 10 nukeviet/nukeviet 10 dompdf/dompdf 10 pagekit/pagekit 10 opencart/opencart 10 sylius/sylius 10 pimcore/admin-ui-classic-bundle 10 simplesamlphp/simplesamlphp 9 alextselegidis/easyappointments 9 laravel/framework 9 tinymce 9 tinymce/tinymce 9 TinyMCE 9 funadmin/funadmin 9 october/october 9 ssddanbrown/bookstack 9 kevinpapst/kimai2 9 concrete5/core 9 pimcore/customer-management-framework-bundle 8 gilacms/gila 8 facturascripts/facturascripts 8 sulu/sulu 8 yiisoft/yii2 8 october/cms 8 croogo/croogo 7 october/backend 7 flarum/core 7 symfony/http-foundation 7 statamic/cms 7 silverstripe/admin 7 silverstripe/graphql 7 yiisoft/yii2-dev 6 backdrop/backdrop 6 guzzlehttp/guzzle 6 yourls/yourls 6 directmailteam/direct-mail 6 pterodactyl/panel 6 in2code/femanager 6 dweeves/magmi 6 composer/composer 6 zoujingli/thinkadmin 6 wpglobus/wpglobus 6 nystudio107/craft-seomatic 6 billz/raspap-webgui 5 symfony/http-kernel 5 anchorcms/anchor-cms 5 phpxmlrpc/phpxmlrpc 5 automad/automad 5 phpseclib/phpseclib 5 vrana/adminer 5 cachethq/cachet 5 elgg/elgg 5 pear/archive_tar 5 typo3/cms-install 5 bagisto/bagisto 5 ibexa/core 5 bottelet/flarepoint 5 oro/platform 5 gugoan/economizzer 5 codeigniter4/shield 4 bytefury/crater 4 ezsystems/ezplatform-admin-ui 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 oro/commerce 4 idno/known 4 wintercms/winter 4 wp-premium/gravityforms 4 shopware/storefront 4 symfony/security-core 4 silverstripe/assets 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 typo3/html-sanitizer 4 magento/product-community-edition 4 spatie/browsershot 4 symfony/security-bundle 4 modx/revolution 4 bref/bref 4 phenx/php-svg-lib 3 qcubed/qcubed 3 enhavo/enhavo-app 3 joomla/joomla-cms 3 ckeditor4 3 illuminate/database 3 typo3/cms-form 3 kimai/kimai 3 joomla/framework 3 appwrite/server-ce 3 zencart/zencart 3 facade/ignition 3 quickapps/cms 3 yiisoft/yii 3 artesaos/seotools 3 prestashop/productcomments 3 tecnickcom/tcpdf 3 mantisbt/mantisbt 3 pixelfed/pixelfed 3 enshrined/svg-sanitize 3 phpoffice/phpspreadsheet 3 sylius/resource-bundle 3 shopxo/shopxo 3 zendframework/zendservice-api 3 zendframework/zendservice-amazon 3 zendframework/zendservice-windowsazure 3 adodb/adodb-php 3 rudloff/alltube 3 froala/wysiwyg-editor 3 zendframework/zendservice-technorati 3 twig/twig 3 flarum/framework 3 verot/class.upload.php 3 zendframework/zendopenid 3 zendframework/zendrest 3 zendframework/zendservice-audioscrobbler 3 codeigniter/framework 3 apache-solr-for-typo3/solr 3 processwire/processwire 3 uvdesk/community-skeleton 3 limesurvey/limesurvey 3 zendframework/zendservice-nirvanix 3 icecoder/icecoder 3 verbb/comments 3 zendframework/zendservice-slideshare 3 amphp/http-client 2 munkireport/munkireport 2 yiisoft/yii2-gii 2 munkireport/managedinstalls 2 codiad/codiad 2 ckeditor/ckeditor 2 buddypress/buddypress 2 ether/logs 2 juzaweb/cms 2
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 54 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/symfony/symfony 40 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/liufee/cms 17 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/contao/contao 16 https://github.com/intelliants/subrion 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/centreon/centreon-archived 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/Studio-42/elFinder 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dompdf/dompdf 11 https://github.com/drupal/core 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/top-think/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/tinymce/tinymce 9 https://github.com/funadmin/funadmin 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/LavaLite/cms 9 https://github.com/neorazorx/facturascripts 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/simplesamlphp/simplesamlphp 8 https://github.com/wallabag/wallabag 8 https://github.com/admidio/admidio 8 https://github.com/laravel/framework 8 https://github.com/sulu/sulu 8 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/statamic/cms 6 https://github.com/pterodactyl/panel 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/guzzle/guzzle 6 https://github.com/croogo/croogo 6 https://github.com/bookstackapp/bookstack 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/oroinc/orocommerce 6 https://github.com/TribalSystems/Zenario 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/composer/composer 5 https://github.com/vrana/adminer 5 https://github.com/phpseclib/phpseclib 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/nukeviet/nukeviet 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/zendframework/zf1 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/codeigniter4/shield 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/spatie/browsershot 4 https://github.com/oroinc/platform 4 https://github.com/screetsec/VDD 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/crater-invoice/crater 4 https://github.com/yourls/yourls 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/opencart/opencart 4 https://github.com/backdrop/backdrop 4 https://github.com/brefphp/bref 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/phpservermon/phpservermon 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/quickapps/cms 3 https://github.com/qcubed/qcubed 3 https://github.com/zendframework/zendframework 3 https://github.com/ADOdb/ADOdb 3 https://github.com/guzzle/psr7 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/dd3x3r/enhavo 3 https://github.com/elgg/elgg 3 https://github.com/Rudloff/alltube 3 https://github.com/concrete5/concrete5 3 https://github.com/kimai/kimai 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/PrestaShop/productcomments 3 https://github.com/artesaos/seotools 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/appwrite/appwrite 3 https://github.com/BookStackApp/BookStack 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/bagisto/bagisto 3 https://github.com/mantisbt/mantisbt 3 https://github.com/twigphp/Twig 3 https://github.com/in2code-de/femanager 3 https://github.com/idno/known 3 https://github.com/verbb/comments 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/gleez/cms 2 https://github.com/flarum/core 2 https://github.com/reportico-web/reportico 2 https://github.com/nette/latte 2 https://github.com/filegator/filegator 2 https://github.com/Froxlor/Froxlor 2 https://github.com/dompdf/php-svg-lib 2 https://github.com/munkireport/munkireport-php 2 https://github.com/ethercreative/logs 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/phpbb/phpbb 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/orchidsoftware/platform 2 https://github.com/phpmyadmin/composer 2 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/Elgg/Elgg 2 https://github.com/Ek-Saini/security 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/icecoder/ICEcoder 2 https://github.com/buddypress/BuddyPress 2 https://github.com/bolt/core 2 https://github.com/tecnickcom/TCPDF 2 https://github.com/thephpleague/commonmark 2 https://github.com/thinkcmf/thinkcmf 2 https://github.com/top-think/thinkphp 2 https://github.com/tpwd/ke_search 2 https://github.com/TYPO3/Fluid 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/azuracast/azuracast 2 https://github.com/aws/aws-sdk-php 2 https://github.com/verbb/image-resizer 2 https://github.com/verbb/knock-knock 2 https://github.com/api-platform/core 2 https://github.com/apereo/phpCAS 2 https://github.com/woocommerce/woocommerce 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/alexbsec/CVEs 2 https://github.com/yiisoft/yii 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/YOURLS/YOURLS 2 https://github.com/Admidio/admidio 2 https://github.com/KnpLabs/snappy 2