Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Browse all Security Advisories for packagist

Loading...
Moderate
GSA_kwCzR0hTQS12eGg0LXg2Z3YtbXBoZs0kcA
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Ecosystems: packagist
Packages: livehelperchat/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00NG00LTljanAtajU4N80kcg
IBX-1392: Image filenames sanitization
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oNzl4LTk4cjItZzZxY80loQ
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13amZxLTg4cTItcjM0as0log
Unhandled exception when decoding form response JSON
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jN2ZtLWp4NTktd2pmNs0lQA
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03djN4LWg3cjItMzRqds0lXg
Insufficient Session Expiration in Pterodactyl API
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wbTN2LXF4ZjYtZmd4ds0ljw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1tOHJwLXE4MnItYzVtZs0lmQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03d3Y4LWc5N3ItNDMyaM0llg
Exposure of Sensitive Information to an Unauthorized Actor in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12Y2dmLXZtcGMtcGg3Oc0lmA
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wNWhqLXh4ZnItcHdjM80lkg
Code Injection in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14aDk5LWh3N2gtd2Y2M80iuQ
Unchecked validity of Facing values in PlayerActionPacket
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04cXZ4LWY1Z2YtZzQzds0hYQ
Logic error in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yOWdwLTJjM20tM2o2bc0hTw
Sandbox Escape by math function in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ycmd3LTNoZzMtOXg4Y80hSg
XSS vulnerability in translations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1naGhtLXhyd3AtNzVtOc0hCw
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qcjM3LTY2cGotMzZ2N80g8A
Cross-site Scripting in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00NGd2LWZnY2otdzU0Ns0g7w
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mcnhwLXh4eDgtaHJnNs0g7A
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Weak Password Requirements in Daybyday CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13NnJwLTR2ajctdjJtOM0g9g
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyeGMtbXIydy1janB2
Open Redirect in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yd3FxLXA0cDktNXdwcc0dDg
Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.
Ecosystems: packagist
Packages: gaoming13/wechat-php-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jNmZnLTk5cHItMjVtOc0g_g
Uncapped length of skin data fields submitted by players
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wNjJqLWhyeG0teGN4Zs0g_Q
Book page text, count, and author/title length is not limited in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jNTN2LXFtcngtOTNoZ80hAQ
Open redirect in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1wNTIzLWpycGgtcWpjNs0hAA
Insufficient Session Expiration in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0zNm0yLThyaHgtZjM2as0g_A
Sandbox bypass in Latte templates
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13NmpyLXdqNjQtbWM5eM0g-w
Deserialization of Untrusted Data in Codeigniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01bWo2LTNjbXEtZmgzNM0grg
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jdjI1LTNnbWctYzZtOM0grQ
Injection in UserFrosting
Ecosystems: packagist
Packages: userfrosting/userfrosting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14dnZ2LXdqN2otcjlqbc0fYg
Cross-site Scripting in Netgen Tags Bundle
Ecosystems: packagist
Packages: netgen/tagsbundle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03dnhjLWNocWotaDgzZ80eiw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14ZzZyLTVneDQtcXhqbc0eaQ
invoiceninja is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: hillelcoren/invoice-ninja
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yeHc4LWo0M2otNXZ4cM0ebQ
elgg is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05MzI4LTdwY3ctdnc2Oc0gsA
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xdjdnLWo5OHYtOHBwN80gsQ
XSS vulnerability on email template preview page
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04eHg5LXJ4cmotMm0yd80dig
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oeDc3LTVwODgtZjkycs0dFA
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mN3h3LTQ2dmgtNWp3Ms0dDQ
livehelperchat is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03bXE2LWNwNW0tZjRqNc0bxA
Cross-site Scripting in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nNWptLXhod20tOXhwOc0gRw
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ycGc3LXE0Y3YtcDQ2Ns0cuw
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qODVmLXh3OXgtZmZ3cM0cvw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1md2g3LXY0Z2YteHY3d80ciw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05YzVjLTVqNGgtOHEyY80btQ
BookStack is vulnerable to Improper Access Control.
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ
Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw
Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05dndmLTU0bTktZ2M0Zs0aug
snipe-it is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04dzN4LXI2eDctYzVyNc0ayw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0ydjJ2LWZ4N3ItZjJmaM0azA
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zcDg1LXA0cWctaGNycM0azQ
pimcore is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04cXY4LWZxNXctcDk2Ns0a1Q
phpservermon is vulnerable to CRLF Injection
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12NGNyLW01ZjgtZ3h3OM0a0Q
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yeGNoLWdwNjItNTc0d80bSg
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ycDQyLWM0NWotZzQ2eM0bdg
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qcWZwLW01ZjgtdmcyOM0clA
Dolibarr Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04NHB4LXE2OHItMmZjOc0bsw
Privilege escalation in the Sulu Admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS12eDZqLXBqcmgtdmdqaM0bsg
PHP file inclusion in the Sulu admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1waDk4LXY3OGYtanFybc0bPg
SQL injection in jackalope/jackalope-doctrine-dbal
Ecosystems: packagist
Packages: jackalope/jackalope-doctrine-dbal
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00and4LTc4dngtZ202Z80ajA
Cross-Site Request Forgery in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05N2NjLTgyNWMtMzk5Z80abA
Cross site scripting in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1oODZqLTZoNm0tcWpxd80Z7g
Cross-Site Request Forgery in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0zM2djLTZjdzktdzNnNM0ZXg
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01NTNxLWhwdnAtcThwY80ZWw
Server-Side Request Forgery in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oamhwLWh3ZmotaHdmM80ZNQ
Cross Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS03Mjg5LWNod2otN2g4Ns0ZMg
Path traversal in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02NmhmLTJwNnctanFmd80Zdg
Laravel Framework XSS in Blade templating engine
Ecosystems: packagist
Packages: illuminate/view, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nNnZxLXdjOHctNGc2Oc0Y3Q
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01dnI2LWhtNjgtNWo5cM0YwQ
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nd3B4LXEyaDktd3hneM0YzA
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02N2M3LTV2OWotMjI3cs0Yyw
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05dzhmLTd3Z3ItMmg3Z80Yzw
kimai2 is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02cHFtLXh2ZmMtdzdwNM0Yzg
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mNTQ1LXZwd3AtcjlqN80Y0A
showdoc is vulnerable to URL Redirection to Untrusted Site
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01ZmgzLTI1eHItZzg1aM0Y1A
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14NjhjLTRnbW0tNWc0M80Y0w
kimai2 is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mNzdoLW05dzItdnZnMs0Y3A
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS13Yzd2LTc3anItNWMzbc0ZDg
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS03cnBjLTltODgtY2Y5d80YPQ
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00eDJmLTU0d3ItNGhqZ80YPg
Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 3 years ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 717
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 contao/core-bundle 24 magento/core 24 zendframework/zendframework 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 getkirby/cms 22 tribalsystems/zenario 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 topthink/framework 18 francoisjacquet/rosariosis 17 opencart/opencart 17 symfony/security 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 genix/cms 17 typo3/cms-backend 16 phpbb/phpbb 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 16 october/system 15 ec-cube/ec-cube 15 symfony/security-http 15 smarty/smarty 15 feehi/cms 14 dompdf/dompdf 14 bolt/bolt 14 silverstripe/cms 14 phpmailer/phpmailer 14 elefant/cms 13 sylius/sylius 13 impresscms/impresscms 13 codeigniter4/framework 13 admidio/admidio 13 lavalite/cms 13 pimcore/admin-ui-classic-bundle 13 studio-42/elfinder 13 phpmyfaq/phpmyfaq 12 symfony/http-foundation 12 phpoffice/phpspreadsheet 12 wwbn/avideo 12 feehi/feehicms 11 wallabag/wallabag 11 nukeviet/nukeviet 11 ezsystems/ezplatform-kernel 11 tinymce/tinymce 11 pagekit/pagekit 11 TinyMCE 11 tinymce 11 sulu/sulu 10 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 october/october 10 ssddanbrown/bookstack 10 alextselegidis/easyappointments 9 contao/core 9 twbs/bootstrap 9 kevinpapst/kimai2 9 statamic/cms 9 concrete5/core 9 bootstrap 9 bootstrap 9 bootstrap 9 org.webjars:bootstrap 9 codiad/codiad 8 mantisbt/mantisbt 8 october/cms 8 facturascripts/facturascripts 8 gilacms/gila 8 croogo/croogo 8 twig/twig 8 pimcore/customer-management-framework-bundle 8 silverstripe/admin 8 composer/composer 8 pterodactyl/panel 8 silverstripe/graphql 8 ezsystems/ezplatform-admin-ui 8 bootstrap.sass 7 october/backend 7 symfony/http-kernel 7 wpglobus/wpglobus 7 bootstrap-sass 7 passbolt/passbolt_api 7 backdrop/backdrop 7 billz/raspap-webgui 7 flarum/core 7 oro/platform 6 nystudio107/craft-seomatic 6 in2code/femanager 6 yourls/yourls 6 bagisto/bagisto 6 yiisoft/yii2-dev 6 icecoder/icecoder 6 dweeves/magmi 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 guzzlehttp/guzzle 6 vrana/adminer 6 gleez/cms 6 phpseclib/phpseclib 6 pear/archive_tar 6 kimai/kimai 5 symfony/security-bundle 5 illuminate/database 5 woocommerce/woocommerce 5 neos/neos 5 symfony/security-core 5 bootstrap-sass 5 phpservermon/phpservermon 5 neos/flow 5 limesurvey/limesurvey 5 bottelet/flarepoint 5 elgg/elgg 5 phpxmlrpc/phpxmlrpc 5 gugoan/economizzer 5 typo3/cms-install 5 cachethq/cachet 5 mautic/core-lib 5 ibexa/core 5 simplesamlphp/saml2 5 silverstripe/assets 5 thinkcmf/thinkcmf 5 typo3/flow 5 codeigniter/framework 5 anchorcms/anchor-cms 5 adodb/adodb-php 4 bytefury/crater 4 codeigniter4/shield 4 ezyang/htmlpurifier 4 sylius/resource-bundle 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 magento/product-community-edition 4 appwrite/server-ce 4 shopxo/shopxo 4 idno/known 4 wintercms/winter 4 reportico-web/reportico 4 pyrocms/pyrocms 4 ezsystems/ezplatform 4 zendframework/zendopenid 4 processwire/processwire 4 shopware/storefront 4 automad/automad 4 friendsofsymfony/user-bundle 4 typo3/cms-frontend 4 wp-premium/gravityforms 4 oro/commerce 4 spatie/browsershot 4 evolutioncms/evolution 4 typo3/html-sanitizer 4 ckeditor4 3 verbb/comments 3 flarum/framework 3 joomla/joomla-cms 3 symfony/form 3 zendframework/zendservice-api 3 zendframework/zend-http 3 orchid/platform 3 enshrined/svg-sanitize 3 django-tinymce 3 joomla/framework 3 amphp/http-client 3
Filter by Repository
https://github.com/moodle/moodle 218 https://github.com/pimcore/pimcore 113 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/Dolibarr/dolibarr 56 https://github.com/shopware/platform 43 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 34 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/centreon/centreon-archived 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/smarty-php/smarty 12 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/tinymce/tinymce 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/yiisoft/yii2 11 https://github.com/Sylius/Sylius 11 https://github.com/Studio-42/elFinder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/WWBN/AVideo 11 https://github.com/opencart/opencart 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/sulu/sulu 10 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/wallabag/wallabag 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/statamic/cms 8 https://github.com/Froxlor/Froxlor 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/pterodactyl/panel 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/mantisbt/mantisbt 8 https://github.com/GilaCMS/gila 8 https://github.com/twbs/bootstrap 7 https://github.com/twigphp/Twig 7 https://github.com/croogo/croogo 7 https://github.com/pagekit/pagekit 7 https://github.com/passbolt/passbolt_api 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/flarum/framework 7 https://github.com/RaspAP/raspap-webgui 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/composer/composer 7 https://github.com/phpseclib/phpseclib 6 https://github.com/bookstackapp/bookstack 6 https://github.com/oroinc/orocommerce 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/gleez/cms 6 https://github.com/vrana/adminer 6 https://github.com/ezsystems/ezplatform-admin-ui 6 https://github.com/LimeSurvey/LimeSurvey 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/silverstripe/silverstripe-graphql 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/zendframework/zf1 5 https://github.com/backdrop/backdrop 5 https://github.com/nukeviet/nukeviet 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/shopware5/shopware 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/Admidio/admidio 5 https://github.com/jbroadway/elefant 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/contao/core 5 https://github.com/oroinc/platform 5 https://github.com/ADOdb/ADOdb 4 https://github.com/phpservermon/phpservermon 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/codeigniter4/shield 4 https://github.com/oroinc/crm 4 https://github.com/Sylius/SyliusResourceBundle 4 https://github.com/appwrite/appwrite 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/ezsystems/ezplatform 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/BookStackApp/BookStack 4 https://github.com/reportico-web/reportico 4 https://github.com/kimai/kimai 4 https://github.com/bagisto/bagisto 4 https://github.com/brefphp/bref 4 https://github.com/phpbb/phpbb 3 https://github.com/ezsystems/ezplatform-richtext 3 https://github.com/Rudloff/alltube 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/phpbb/phpbb-app 3 https://github.com/xjzzzxx/vulFound 3 https://github.com/facade/ignition 3 https://github.com/PrivateBin/PrivateBin 3 https://github.com/PrestaShop/productcomments 3 https://github.com/dd3x3r/enhavo 3 https://github.com/flarum/core 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/alexbsec/CVEs 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/idno/known 3 https://github.com/in2code-de/femanager 3 https://github.com/in2code-de/powermail 3 https://github.com/modxcms/revolution 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/livewire/livewire 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/wikimedia/mediawiki 3 https://github.com/verbb/comments 3 https://github.com/concrete5/concrete5 3 https://github.com/woocommerce/woocommerce 3 https://github.com/getformwork/formwork 3 https://github.com/aimeos/ai-admin-graphql 3 https://github.com/artesaos/seotools 3 https://github.com/orchidsoftware/platform 3 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/scheb/two-factor-bundle 2 https://github.com/ethercreative/logs 2 https://github.com/jquery/jquery 2 https://github.com/ezsystems/repository-forms 2 https://github.com/z-song/laravel-admin 2 https://github.com/pyrocms/pyrocms 2 https://github.com/sartlabs/0days 2 https://github.com/marcantondahmen/automad 2 https://github.com/robrichards/xmlseclibs 2 https://github.com/Ek-Saini/security 2 https://github.com/KnpLabs/snappy 2 https://github.com/Elgg/Elgg 2 https://github.com/jqhph/dcat-admin 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/joomla/joomla-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/fuel/core 2 https://github.com/froxlor/Froxlor 2 https://github.com/aimeos/ai-client-html 2 https://github.com/aimeos/ai-controller-frontend 2