Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtampnYy1oM3I4
Authenticated remote code execution
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyOWctZzk4Mi1wd3B2
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcmYtOTlndy12dndq
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2d2ctMzloOC04cXA4
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1aHItam00ai05anZx
Sandbox escape through template_object in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNycGYtNXJxdi02ODlx
PHP Code Injection by malicious function name in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3ZjktY3ZoNS1xdzdm
Path traversal in pimcore/pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4OGctcXg0Mi14ZnJo
Path traversal in bolt/core
Ecosystems: packagist
Packages: bolt/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtcDV3My01bTI1
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cjItaGo1Yy04ang2
SSRF in adminer
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwZ3gtZ2NwaC1tcHFy
vrana/adminer via XSS in the history parameter in SQL command
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2ZzQtOXJjMi13dmNy
Generation of fake documents via public GET-call
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzktMzVwMi1xMmM1
Steam Socialite Provider v1 does not correctly validate openid server
Ecosystems: packagist
Packages: socialiteproviders/steam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3djQtZ202ai1jdzlt
XSS in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzZ2ctN3d4Mi1jcTNo
XSS in Flarum Sticky extension
Ecosystems: packagist
Packages: flarum/sticky
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3gtNGd4eC1oNDhm
Users can edit the tags of any discussion
Ecosystems: packagist
Packages: flarum/tags
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NDQtNzY0Ny14Znc5
Blind SQL injection in PrestaShop productcomments module
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djktMmZweC1qNWc5
CSV Injection vulnerability with exported contact lists in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OTgtZng5ai03Yzc4
Disabled users able to log in with third party SSO plugin
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NzQtang3bS14Nmh2
XSS vulnerability in theme config file in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjZjctY2o4cS1wY2pt
XSS vulnerability in Author URL of themes in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3ctMmM3Mi00Yzg5
Mautic users able to download any files from server using filemanager
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d2otajNqYy04NTht
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3angtajc3bS13cDY1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXgtanc2cC1xM3Jm
Cross-Site Scripting in Fluid view helpers
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bXItNjQyOC04N3c5
Cross-Site Scripting in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1NGotZjI3ci1jajUy
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0dnAtcm1xdi01ODc1
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3anItNmZqNy1mYzZo
Local File Inclusion by unauthenticated users
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwam0tM3d3NS02Y3Bm
Cross-Site Scripting through Fluid view helper arguments
Ecosystems: packagist
Packages: typo3fluid/fluid
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4dzQtdzc3dy1xdjN3
Reflected XSS with parameters in PostComment
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyZmgtZnA0eC1jcnJx
Persistent XSS in newsletter module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZnctODhocS02am1t
Persistent XSS in shopping worlds
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjktN3E0Zy1wbXZt
Persistent XSS in customer module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcTYtdzVjZy13bTQ1
Exploitable inventory component chaining in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwd3ctNGpmNC00aHg4
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NXEtajlwNC0zdnhn
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZ2YtdmZ3Mi1oajI2
RCE via PHP Object injection via SOAP Requests
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmbXYtcTI2OS01NWN3
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Authenticated XML External Entity Processing
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndzQteDYzaC01NDk5
Ability to switch customer email address on account detail page and stay verified
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OXctaGNjbS0yNjV4
Inline attribute values were not processed.
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4MjItcHc1Ny12djM3
XSS vulnerability when listing users on add & modify server pages.
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3MzMtaGp2Ni00aDQ3
Cross-Site Scripting in ternary conditional operator
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3fluid/fluid
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThndjMtM2o3Zi13Zzk0
Potential Remote Code Execution vulnerability
Ecosystems: packagist
Packages: nette/application
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2aHItNTVoZy0zcXd2
Non-persistent XSS in the Storefront in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2YzUtY2Zyci0zODR2
RCE in Third Party Library in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1aHgtNjJyaC1nZzk2
Potential XSS injection In PrestaShop contactform
Ecosystems: packagist
Packages: prestashop/contactform
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNmctZ2pwOC1nZ2c5
personnummer/php vulnerable to Improper Input Validation
Ecosystems: packagist
Packages: personnummer/personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cmctN3Jwci1jd3Iy
Information Disclosure in TYPO3 extension sf_event_mgt
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NGgtNXIyNy03eDNy
RCE in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtdjQtZ21tZi1xMzgy
DataTable Vulnerable to Cross-Site Scripting
Ecosystems: packagist, npm
Packages: datatables/datatables, datatables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3M3gtZjV3eC1meHB3
Cross Site Scripting and RCE in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNweGMtNjdyYy1jNzc1
Cross Site Scripting in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cGotOWc1OS00cHB2
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZjIteG02eC00NnA2
Observable Timing Discrepancy in OpenMage LTS
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmbTQtcHE1OS13ZzZy
Reset Password / Login vulnerability in Sulu
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1bW0tNTM5OS03cjYz
Reliance on Cookies without validation in OctoberCMS
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwcXYteDlobS0zNWo5
Potential XSS vulnerability in Kitodo.Presentation
Ecosystems: packagist
Packages: kitodo/presentation
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3ajUtOWo3Ny1nNGdx
Remote code execution in turn extension for TYPO3
Ecosystems: packagist
Packages: marcwillmann/turn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3Z3ItanZxci0zaHdt
Incorrect access control in typo3_forum
Ecosystems: packagist
Packages: mittwald/typo3_forum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OTQtZnY1aC01cTJj
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dnItM203NC1qd3hw
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRoNDQtdzZmbS01NDhn
Potential Remote Code Execution in TYPO3 with mediace extension
Ecosystems: packagist
Packages: friendsoftypo3/mediace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzamotMnJ3Yy0ybTNm
Broken access control on files
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3Z2YtM3hwNy1jeGo0
Potentially sensitive data exposure in Symfony Web Socket Bundle
Ecosystems: packagist
Packages: gos/web-socket-bundle
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyOTUtNG1xNS1yM2Zo
Phar unserialization vulnerability in phpMussel
Ecosystems: packagist
Packages: Maikuolan/phpMussel, phpmussel/phpmussel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04
CSRF issue on preview pages in Bolt CMS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4cTMtN3dqcC03cTNq
The filename of uploaded files vulnerable to stored XSS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4d2gtNmp3NC0yaDc5
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Ecosystems: packagist
Packages: rainlab/debugbar-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 4 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2