Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00eHA1LWhyMzUtODRjeM4AA3v8
Broken Access Control in extension "femanager"
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1wNnh4LWZoZnctN21qN84AA3v7
Configuration Injection in extension "Direct Mail" (direct_mail)
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zcXgyLTZmNzgtdzJqMs4AA3v6
Denial of service caused by infinite recursion when parsing SVG images
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mZjV4LTdxZzUtdndmMs4AA3uh
Denial of service caused by infinite recursion when parsing SVG document
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oajRjLXZmYzQtNWY5Y84AA3qO
Cross-site Scripting in Semantic MediaWiki
Ecosystems: packagist
Packages: mediawiki/semantic-media-wiki
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01cnYyLXZ2bWYtZjd3OM4AA3qC
PHPEMS Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: phpems/phpems
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05ajV3LTJjcWMtY3dqOc4AA3oh
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1wOHE2LXFyZ2otN2d4Ms4AA3oa
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zcnB4LXBnbWYtajk2aM4AA3mF
Microweber Business Logic Errors
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03bWM2LXg5MjUtN3F2eM4AA3k_
Test code in published microsoft-graph-beta package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-beta
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1taGhwLWMzY20tMnI4Ns4AA3k-
Test code in published microsoft-graph-core package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jZ3dxLTZwcnEtOGg5cc4AA3k9
Test code in published microsoft-graph package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 5 months ago
High
GSA_kwCzR0hTQS03Z3E5LXA5NGYtZzV2Oc4AA3hu
ThinkAdmin arbitrary file upload vulnerability
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wcjR3LW00cnAtZ3A4N84AA3ck
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerability
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0yYzd4LXczbXgtaDdwNs4AA3ba
Microweber file upload vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 5 months ago
High
GSA_kwCzR0hTQS13dzd4LTNneGgtcW02cs4AA3Zu
Validation of SignedInfo
Ecosystems: packagist
Packages: simplesamlphp/saml2, simplesamlphp/xml-security
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NDI3LWM0OWotOHc2eM4AA3VI
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qNzJmLWg3NTItbXg0d84AA3VH
Insertion of Sensitive Information into Log
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 5 months ago
High
GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2
Cross-site Scripting via uploaded assets
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 5 months ago
High
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12bTRwLWdoODIteHE5Ns4AA3Ti
Cross-site Scripting in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04cGhyLTYzN2ctcHhyZ84AA3P2
LibreNMS Cross-site Scripting at Device groups Deletion feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ycTQyLTU4cWYtdjNxeM4AA3Pz
LibreNMS vulnerable to rate limiting bypass on login page
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Concrete CMS allows unauthorized access because directories can be created with insecure permissions
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13OThnLTVmbXgtd200eM4AA3Mk
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Ecosystems: packagist
Packages: pocketmine/raklib
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 5 months ago
High
GSA_kwCzR0hTQS03MmhoLXhmNzktNDI5cM4AA3ML
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jOGhqLXcyMzktNWd2Zs4AA3MK
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
High
GSA_kwCzR0hTQS0ycjUzLTkyOTUtM204Ns4AA3K4
Statamic CMS vulnerable to remote code execution via form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1tdzJ3LTJoajItZmc4cc4AA3Kz
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Ecosystems: packagist
Packages: yiisoft/yii
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xNTdnLTM4cGMtand2OM4AA3IQ
Microweber Improper Access Control vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tbTc5LWpocW0tOWo1NM4AA3Hu
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1ydzgyLW1obXgtZ3Jtas4AA3Hr
Guest Entries Remote code execution via file uploads
Ecosystems: packagist
Packages: doublethreedigital/guest-entries, duncanmcclean/guest-entries
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zdm1tLTdoNGotNjlybc4AA3GT
TYPO3 vulnerable to Weak Authentication in Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 5 months ago
High
GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3
Statamic CMS remote code execution via front-end form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03MngyLTVjODUtNndtcs4AA3Cz
Symfony potential Cross-site Scripting in WebhookController
Ecosystems: packagist
Packages: symfony/symfony, symfony/webhook
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMndqLXI2ZzMtZnhmeM4AA3Cx
Symfony possible session fixation vulnerability
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mbTVoLTU4ZzItNG0zZs4AA3Bj
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNXhmLWd2ODktZzQyMs4AA3Bq
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01Y3Z4LWN3cHgtOXJqaM4AA3Br
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05Z3FwLTNnMjgtdzl4Y84AA3B4
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yNmZnLXYzMnItaDY2M84AA3Bo
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yOGdjLTRxcTUtOHEyNs4AA3Bi
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04bW0yLW0yZ3AtYzZ4Ms4AA3Bn
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
High
GSA_kwCzR0hTQS13OHgyLXc0cXItdjN4NM4AA3Bg
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04M2oyLXFoeDItcDdqY84AA2_W
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerability
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05Y3c5LW03aGctdzhtZs4AA24o
Reportico Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qZnh3LTZjNXYtYzQyZs4AA22R
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
High
GSA_kwCzR0hTQS1yOWNtLXB3OWotM2ZweM4AA21l
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OHYyLTU5NngtNGpyOc4AA21m
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02ZjU4LWozMjMtNjQ3Ms4AA21F
pimcore/admin-ui-classic-bundle Unverified Password Change
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNTl2LWhoNHAtcTkybc4AA20D
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zNHc0LXdycXAtajQ3Z84AA2zk
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
High
GSA_kwCzR0hTQS1nNWhwLTMyOGgtamo5OM4AA2zj
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1mNzI4LXByaHctMmc2OM4AA2zm
Insufficient Session Expiration in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNHZqLXc1cmotOGdyd84AA2zi
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cTVmLTI5Z3gtNTdmZs4AA2zg
Cross-site Scripting (XSS) in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05cGpmLWp3OXEtZng0Oc4AA2xF
Cross-site Scripting (XSS) in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1oOTJtLTRnOW0tNzJ2cs4AA2wi
juzawebCMS Injection vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1obXFqLWd2Mm0taHE1Nc4AA2uW
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Statistics
Advisories: 18,139
Packages: 8,241
Repositories: 603
Ecosystems: 12
Filter by Severity
Moderate 7,815 High 6,287 Critical 2,787 Low 966
Filter by Ecosystem
maven 5,518 packagist 3,781 pypi 3,550 npm 3,530 go 1,878 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
moodle/moodle 318 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 microweber/microweber 91 phpmyadmin/phpmyadmin 91 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 drupal/drupal 56 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 28 centreon/centreon 27 shopware/shopware 27 getgrav/grav 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 contao/contao 18 tribalsystems/zenario 18 forkcms/forkcms 18 genix/cms 17 cakephp/cakephp 17 symfony/security 17 cockpit-hq/cockpit 17 francoisjacquet/rosariosis 17 simplesamlphp/simplesamlphp 17 yetiforce/yetiforce-crm 16 topthink/framework 15 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 phpmailer/phpmailer 14 smarty/smarty 14 elefant/cms 13 impresscms/impresscms 13 codeigniter4/framework 13 october/system 13 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 dompdf/dompdf 12 bolt/bolt 12 phpbb/phpbb 12 lavalite/cms 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 opencart/opencart 10 pagekit/pagekit 10 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 sylius/sylius 10 wwbn/avideo 10 nukeviet/nukeviet 10 laravel/framework 10 TinyMCE 9 tinymce 9 tinymce/tinymce 9 alextselegidis/easyappointments 9 concrete5/core 9 kevinpapst/kimai2 9 october/october 9 ssddanbrown/bookstack 9 funadmin/funadmin 9 gilacms/gila 8 sulu/sulu 8 codiad/codiad 8 yiisoft/yii2 8 october/cms 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 croogo/croogo 8 flarum/core 7 statamic/cms 7 symfony/http-foundation 7 silverstripe/graphql 7 silverstripe/admin 7 october/backend 7 symfony/http-kernel 6 composer/composer 6 yiisoft/yii2-dev 6 zoujingli/thinkadmin 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 directmailteam/direct-mail 6 wpglobus/wpglobus 6 pterodactyl/panel 6 nystudio107/craft-seomatic 6 dweeves/magmi 6 contao/core 6 yourls/yourls 6 in2code/femanager 6 backdrop/backdrop 6 automad/automad 5 elgg/elgg 5 symfony/security-core 5 cachethq/cachet 5 gleez/cms 5 phpseclib/phpseclib 5 simplesamlphp/saml2 5 vrana/adminer 5 ezsystems/ezplatform-admin-ui 5 silverstripe/assets 5 thinkcmf/thinkcmf 5 phpxmlrpc/phpxmlrpc 5 billz/raspap-webgui 5 typo3/cms-install 5 oro/platform 5 anchorcms/anchor-cms 5 bottelet/flarepoint 5 pear/archive_tar 5 gugoan/economizzer 5 ibexa/core 5 oro/commerce 4 bytefury/crater 4 modx/revolution 4 appwrite/server-ce 4 evolutioncms/evolution 4 notrinos/notrinos-erp 4 shopware/storefront 4 phpservermon/phpservermon 4 pyrocms/pyrocms 4 magento/product-community-edition 4 typo3/cms-frontend 4 bref/bref 4 wp-premium/gravityforms 4 codeigniter4/shield 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 spatie/browsershot 4 typo3/html-sanitizer 4 symfony/security-bundle 4 prestashop/productcomments 3 joomla/joomla-cms 3 processwire/processwire 3 quickapps/cms 3 mantisbt/mantisbt 3 phpoffice/phpspreadsheet 3 codeigniter/framework 3 ckeditor4 3 joomla/framework 3 symfony/form 3 illuminate/database 3 zencart/zencart 3 typo3/cms-form 3 qcubed/qcubed 3 yiisoft/yii 3 verbb/comments 3 icecoder/icecoder 3 flarum/framework 3 shopxo/shopxo 3 rudloff/alltube 3 enshrined/svg-sanitize 3 enhavo/enhavo-app 3 phenx/php-svg-lib 3 facade/ignition 3 sylius/resource-bundle 3 tecnickcom/tcpdf 3 artesaos/seotools 3 ezsystems/ezpublish-legacy 3 buddypress/buddypress 3 bbpress/bbpress 3 adodb/adodb-php 3 kimai/kimai 3 froala/wysiwyg-editor 3 limesurvey/limesurvey 3 apache-solr-for-typo3/solr 3 verot/class.upload.php 3 zendframework/zendopenid 3 uvdesk/community-skeleton 3 zendframework/zendrest 3 twig/twig 3 zendframework/zendservice-audioscrobbler 3 zendframework/zendservice-amazon 3 zendframework/zendservice-api 3 zendframework/zendservice-nirvanix 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 54 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/drupal/core 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/neorazorx/facturascripts 9 https://github.com/funadmin/funadmin 9 https://github.com/bolt/bolt 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/top-think/framework 9 https://github.com/semplon/GeniXCMS 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/yiisoft/yii2 9 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/Sylius/Sylius 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/admidio/admidio 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/Froxlor/Froxlor 8 https://github.com/Codiad/Codiad 7 https://github.com/croogo/croogo 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/flarum/framework 7 https://github.com/pagekit/pagekit 7 https://github.com/pterodactyl/panel 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/oroinc/orocommerce 6 https://github.com/nystudio107/craft-seomatic 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/guzzle/guzzle 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/RaspAP/raspap-webgui 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/composer/composer 5 https://github.com/jbroadway/elefant 5 https://github.com/vrana/adminer 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/nukeviet/nukeviet 5 https://github.com/pear/Archive_Tar 5 https://github.com/gleez/cms 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/ibexa/core 5 https://github.com/zendframework/zf1 5 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/codeigniter4/shield 4 https://github.com/oroinc/platform 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/spatie/browsershot 4 https://github.com/appwrite/appwrite 4 https://github.com/crater-invoice/crater 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/screetsec/VDD 4 https://github.com/bagisto/bagisto 4 https://github.com/backdrop/backdrop 4 https://github.com/brefphp/bref 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/verbb/comments 3 https://github.com/flarum/core 3 https://github.com/pixelfed/pixelfed 3 https://github.com/facade/ignition 3 https://github.com/PrestaShop/productcomments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/Rudloff/alltube 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/oroinc/crm 3 https://github.com/ADOdb/ADOdb 3 https://github.com/zendframework/zendframework 3 https://github.com/twigphp/Twig 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/modxcms/revolution 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/idno/known 3 https://github.com/mantisbt/mantisbt 3 https://github.com/in2code-de/femanager 3 https://github.com/liufee/feehicms 3 https://github.com/kimai/kimai 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/concrete5/concrete5 3 https://github.com/artesaos/seotools 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/Cockpit-HQ/Cockpit 2 https://github.com/verbb/image-resizer 2 https://github.com/verbb/knock-knock 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/ibexa/admin-ui 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/thephpleague/commonmark 2 https://github.com/yiisoft/yii 2 https://github.com/icecoder/ICEcoder 2 https://github.com/filegator/filegator 2 https://github.com/z-song/laravel-admin 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/alexbsec/CVEs 2 https://github.com/azuracast/azuracast 2 https://github.com/api-platform/core 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/bolt/core 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/tecnickcom/TCPDF 2 https://github.com/cecilapp/cecil 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/CCCCCrash/POCs 2 https://github.com/TYPO3/Fluid 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nette/latte 2 https://github.com/Admidio/admidio 2 https://github.com/tpwd/ke_search 2 https://github.com/YOURLS/YOURLS 2 https://github.com/top-think/thinkphp 2 https://github.com/orchidsoftware/platform 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/mustgundogdu/Research 2 https://github.com/munkireport/munkireport-php 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/contao/core 2 https://github.com/helloxz/imgurl 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/phpbb/phpbb 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/phpmyadmin/composer 2