Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13Yzd2LTc3anItNWMzbc0ZDg
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03cnBjLTltODgtY2Y5d80YPQ
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS00eDJmLTU0d3ItNGhqZ80YPg
Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05anA4LWN3d3gtcDY0cc0YRA
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1meHdtLXJ4NjgtcDV2eM0YRQ
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Ecosystems: packagist
Packages: ezsystems/ezplatform-richtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qbTZwLXdmamcteG03eM0Yfg
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qYzU1LWNyZzctcHIzNc0YJw
EC-CUBE Improper access control in Management screen
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yeGhnLXcyZzUtdzk1eM0YGA
CSV Injection in symfony/serializer
Ecosystems: packagist
Packages: symfony/symfony, symfony/serializer
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXA5N3ctdmNxcs0YFw
Cookie persistence after password changes in symfony/security-bundle
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xM2ozLXczN3gtaHEycc0YFQ
Webcache Poisoning in symfony/http-kernel
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncXB3LTlxNTQtOXgyOM0XkA
Server-Side Request Forgery in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tY3hyLWZ4NWYtOTZxcc0Xjw
Server-Side Request Forgery in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yaGY1LWY1NTMteGc4Ms0XmQ
Password exposure in concrete5/core
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qNG12LTJydjctdjJqOc0Xlw
Improper Privilege Management in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jNjV2LXA3MzMtOTc5Ns0Xpw
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00MjdxLWpwOHYtd3c5Nc0Xlg
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZjJjLTkzaG0tcjlqNc0Xpg
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHdxLWg3cjktNncyN80Xuw
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tMnYyLTgyMjctNTlmNc0Xwg
Exposure of sensitive information in concrete5/core
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nM3AyLWhmcXItOW0yNc0Xww
Improper file handling in concrete5/core
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04amhwLTJnY3ItcXc5Ns0Xzg
Moodle vulnerable to RCE via unsafe deserialization
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13cGZwLXE4NDMtdjc3Ms0XzA
Cross-site Scripting in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12ZjdoLTYyNDYtaG00M80XYQ
The disqualify lead action may be executed without CSRF token check
Ecosystems: packagist
Packages: oro/crm
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aHJwLThxeDQtdnI2Y80XYA
Incorrect Access Control in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13d2dxLTlqaGYtcWd3Ns0XQQ
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03aDI2LTYzbTctcWhmMs0XTw
HTML comments vulnerability allowing to execute JavaScript code
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcTU4LXI3N2MtNWpqd80XQA
Cross-site scripting (XSS) from image block content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw
Cross-site scripting (XSS) from writer field content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0yY3FnLXE3am0tajM1Y80XNw
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mOTlnLXBnNDgtd3JmY80XNg
twill is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: area17/twill
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01MzNwLWNwMmctOTl3cM0XNQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xMmN2LTk0eG0tcXZnNM0XNA
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS13MmY0LWh4cG0tbXE5OM0XMw
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wampmLWhjNHEtZzI5OM0XMQ
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14NWpwLTlmbW0tbTlwZs0XMA
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNGhqLXdnMnItcXBjcs0XLw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oZm04LTJxMjItaDdods0XKw
Cross-site Scripting in pegasus/google-for-jobs
Ecosystems: packagist
Packages: pegasus/google-for-jobs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00M2c4LTc5eDMtajg5OM0XKQ
Unrestricted access to predictable file paths in hov/jobfair
Ecosystems: packagist
Packages: hov/jobfair
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04YzVwLTQzNjItOTMzM80W8w
Path traversal in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zdjU2LXE2cjYtNGdjd80W7w
Insecure Inherited Permissions in neoan3-apps/template
Ecosystems: packagist
Packages: neoan3-apps/template
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NnJ4LTZqZzktNGZoOM0W5w
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZjlwLTlyMzktcjJoM80Wzw
Unrestricted Uploads in Concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yOGhtLXc1Zjctd2ozOc0Wzg
Cross-site scripting vulnerability in TinyMCE plugins
Ecosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aGZwLTl3dmotZ3d2Z80WyA
XML External Entity vulnerability in MODX CMS
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01anhjLWhtcWYtM2Y3M80Www
Cross-Site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZmo3LXczNzMtZ3FjaM0WwQ
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1ycWdwLWNjcGgtNXc2Nc0WwA
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cDN4LThxdzktMjR3Oc0Wuw
Authenticated Stored XSS in shopware/shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13N3g4LWNxN3ItZzVnOc0Wrg
Cross Site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Mjg2LWg0N2gtbTV2Ns0WtA
Showdoc File Upload Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zMzc0LTdoOTkteHI4Nc0Wsg
Cross-site scripting in forkcms
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1tNDlmLWhjeHAtNmhtNs0WsA
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aDlnLXg1cnYtMjV3Z80WrQ
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNTh2LWczcTYtcTlmeM0Wqw
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cmcyLTZxcjUtMnhwOM0WpA
Cross-site Scripting in snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jN3Y0LW0yNjktNDk5Nc0Wow
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nOTJ4LThtNTQtcDg5ds0Wog
Cross-Site Request Forgery in snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ZnZ4LTVwMnItNG12cM0WoQ
Open Redirect in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZzN2LWozY3ItNmZjNs0WoA
Cross-site Scripting in snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yN3JoLWc3NzctZzVneM0WYA
SilverStripe GraphQL Server permission checker not inherited by query subclass.
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qNjZoLWNjOTYtYzMycc0WYg
Cross-site Scripting in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yODRmLWYyaHctajJneM0WYw
Server-Side Request Forgery vulnerability in concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oOXBoLWpjZ2gtZ2Y2Oc0Wfw
Cross-site Scripting in Limesurvey
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xOXA0LXFmYzgtZnZwcM0Wdw
SQL Injection in medoo
Ecosystems: packagist
Packages: catfan/medoo
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wbTc3LWM0cTctM2Z3as0Wcw
Improper Certificate Validation in Heartland & Global Payments PHP SDK
Ecosystems: packagist
Packages: globalpayments/php-sdk
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xZjZxLXFmd3AtdnA0NM0Wcg
Origin Validation Error in Magento 2
Ecosystems: packagist
Packages: cardgate/magento2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jeDJyLW1mNngtNTVyeM0WcQ
Stored XSS with custom URLs in PrestaShop module ps_linklist
Ecosystems: packagist
Packages: prestashop/ps_linklist
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yNWZ4LW14YzItNzZnN80WLQ
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
Ecosystems: packagist
Packages: sylius/paypal-plugin
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNmo0LThyN3Atd3BwM80WNw
BuddyPress privilege escalation via REST API
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw
Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmpoLWZ4dzQtZ3Bobc0WJg
HTTP Host Header Injection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcnFnLTdnMzgtNmdjZs0WJQ
Improper escaping of command arguments on Windows leading to command injection
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS01dmZ4LTh3Nm0taDN2NM0WHA
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14Mmd3LTg1dzYtZmpqd80WGw
Cross-site scripting in demos/demo.mysqli.php in getID3
Ecosystems: packagist
Packages: james-heinrich/getid3
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1neG1jLTV3ajMtang2NM0WGg
Cross-site scripting in application/controllers/dropbox.php in JustWriting
Ecosystems: packagist
Packages: hjue/justwriting
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNzJnLTQycTYtZ3ZjMs0WGQ
Cross-site Scripting in LaraCMS
Ecosystems: packagist
Packages: wanglelecc/laracms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1od3FjLXBnanctdmpxcM0WDg
Cross-Site Request Forgery in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oN21xLTI3cjctdzk3Ms0WDA
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Njc1LXd3cXItamhtZs0WDQ
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tN2g1LWZqanEtNTU5Zs0WEg
SQL Injection in topthink/thinkphp
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02d2hmLXE2cDUtODR3Z80WBw
Improper Access Control in Webauthn Framework
Ecosystems: packagist
Packages: web-auth/webauthn-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jZzNxLTU5dzctcnZjMs0WBA
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNTZyLTc3cTgtZjY0Zs0WAw
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03MzIyLWpycTQteDVoZs0WCw
File reference keys leads to incorrect hashes on HMAC algorithms
Ecosystems: packagist
Packages: lcobucci/jwt
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNm1qLTZyN3ItbXFoZs0WCg
User can obtain JWT token even if account is disabled
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yZjN3LTI5aDMtcjYzNs0V1Q
Arbitrary Code Execution in feehi/cms
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOWZxLWM5aHAtNTlnN80Vyw
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01Nzl4LWNqdnItY3FqOc0V2g
Observable Response Discrepancy in Lost Password Service
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncWNmLTgzcnEtZ3Bmcs0VwA
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ibexa/post-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2