Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1obXFqLWd2Mm0taHE1Nc4AA2uW
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04Zzg3LTczdnEtNDQzcM4AA2p7
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00cXY2LTM3eHEtbWdxMs4AA2oD
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00MzJmLTk2N2YtdnhnNM4AA2k2
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw
Subrion CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01aDQ3LTlybTUtZngzZs4AA2ks
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NjQyLW1oMjctOGo2bc4AA2gW
MantisBT may disclose project names to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 months ago
High
GSA_kwCzR0hTQS12MjN3LXBwcG0tamg2Ns4AA2gU
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcjZoLTd4Mm0tcmdtcc4AA2dG
SQL injection in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jdnd2LWg4NW0tdzM3aM4AA2b7
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNWhxLTZmcmMtNjR2M84AA2bd
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zM3ZqLXI2cDYteDRwOM4AA2YJ
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yamM2LTNmaGotOHE4NM4AA2Xx
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13cnAyLTZ2NmotaGZtZ84AA2Uj
ConcreteCMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1ycjVjLTY5YzktZ2o5Zs4AA2R6
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tcjR3LTd2bTktY2dxeM4AA2RT
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00MzdwLWpmbTQtMjM4N84AA2RU
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02Y3h2LTI3cjItZnAzbc4AA2RX
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02Zm0zLXI2bWYtajg3Nc4AA2RQ
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02eHg3LXI4eDQtZnBqcM4AA2RS
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wNGpqLWd3cGctOWp3aM4AA2RR
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNmg1LWdndjItM3Jmds4AA2RP
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05M2o0LXY4MzgtODc2N84AA2Pm
TYPO3 extension femanager Broken Access Control vulnerability
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01NmZtLWhmcDMteDN3M84AA2MC
Wallabag user can disable 2FA unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zOW0zLWNqOGMtODg2cs4AA2Kn
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yNjU3LTN3cWgtZzJ4Oc4AA2Jx
Microweber uses hard coded credentials
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1qNXd3LTV4ZjQtaHFtMs4AA2J0
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01and2LW04aDMtNjljZ84AA2Jw
phpMyFaq Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xY2pnLWh2ZzYtaHhjcM4AA2Ju
phpMyFAQ allows unrestricted file types in image field
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1qbTZtLTQ2MzItMzZoZs4AA2Jg
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1ndnJnLTYyanAtcmY3as4AA2H_
PrestaShop allows employee without any access rights to list all installed modules
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03dmZmLXJ2MmYtY2o3Oc4AA2H8
Subrion CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nYzk1LTVtbXAtbXA2as4AA2Hg
Economizzer vulnerable to Clickjacking
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1ocXA5LW1yanctN3FxMs4AA2He
Economizzer host header injection vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oM3FmLXY2OHItMzVqZ84AA2Hl
Economizzer user enumeration vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1wcTk4LTZoZjYtM3JqM84AA2Hc
Economizzer remote code execution vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yZ2Y5LWo3Z3YtcnEyMs4AA2HZ
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wNzZqLWg0bTgtaHg1Y84AA2Gl
Pimcore Demo Allows GraphQL Introspection
Ecosystems: packagist
Packages: pimcore/demo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xODMyLTIyNzUtcmZxaM4AA2Dj
Subrion CMS XSS in /panel/configuration/financial/
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00dzJqLXdqOXEtNndweM4AA2GE
Subrion CMS Cross-site Scripting vulnerability in /panel/languages
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
High
GSA_kwCzR0hTQS12NGoyLWN3bW0teGc4Oc4AA2EH
OpenCart Path Traversal vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOTg4LTczNzUtN2cyY84AA2Bx
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
High
GSA_kwCzR0hTQS03MjVtLXc4MzItcTk3M84AA1_U
Composer allows cache poisoning from other projects built on the same host
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
High
GSA_kwCzR0hTQS02NzczLXJmanYtYzU0d84AA18-
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycThjLWdxZjQtbWczds4AA17s
Cross site scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02cWpmLTdnM2otcXgyNc4AA17k
Neos CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: neos/media-browser
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tNmpqLWZnbWgtM3A4cs4AA145
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01N20yLW1wYzctZ3dneM4AA14x
LibreNMS Code Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xeHJxLTM3NnEtcDM5aM4AA14y
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcDNjLWc0NnYtamcyY84AA14w
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xanB3LXJnNTYtamg4ds4AA143
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01amptLXFwNDgtcXA4Ns4AA144
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1odnBxLTd2Y2MtNWhqNc4AA14n
Froala Editor Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05MmpoLWd3Y2gtanEzOM4AA13q
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
High
GSA_kwCzR0hTQS03OXJjLWpqaDYtcmM4Oc4AA13p
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wOXE4LTd4MjItNXg3N84AA10m
Cecil Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cecil/cecil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1xOGhyLTR3NTgtOTg1cM4AA10n
Cecil Path Traversal vulnerability
Ecosystems: packagist
Packages: cecil/cecil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05MzU4LWNwdngtYzJxcM4AA1zS
Magento LTS's guest order "protect code" can be brute-forced too easily
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00Y3B2LTY2OWMtcjc5eM4AA1yz
Prevent injection of invalid entity ids for "autocomplete" fields
Ecosystems: packagist
Packages: symfony/ux-autocomplete
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zOHZmLTM1Y2ctbTczd84AA1xn
Cockpit CMS arbitrary file upload vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03NDIyLTdycTYtajRxds4AA1lO
Badaso vulnerable to cross-site scripting
Ecosystems: packagist
Packages: uasoft-indonesia/badaso
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related data
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1qNm1wLWh4NGctcDNnbc4AA1iV
Command injection in pagekit
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05OWZnLTJoNzUtbTkyaM4AA1iJ
Spipu HTML2PDF vulnerable to cross-site scripting
Ecosystems: packagist
Packages: spipu/html2pdf
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qeGN4LTNoNTQtcXF4eM4AA1eO
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05M3d4LWoycXYtNDlmZ84AA1d4
hCaptcha for EXT:form Broken Access Control vulnerability
Ecosystems: packagist
Packages: waldhacker/hcaptcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01OTl2LWgzcTUtZzZyOc4AA1aZ
Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wOGdwLTg5OWMtanZxOc4AA1aY
Wallabag user can reset data unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nanZjLTU1ZnctdjZ2cc4AA1aX
Wallabag user can delete own API client unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 9 months ago
High
GSA_kwCzR0hTQS00NHdyLXJtd3EtM3Bod84AA1aT
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nM212LTY0aDMtaDQ4Ms4AA1ZA
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1ybWd4LTN3NHIteGNmcM4AA1Y0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1mZjQ1LTJqcDktNjlqY84AA1Y1
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04bTY1LXFxNmctNDNycs4AA1Yv
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS01Y3Y0LTQ4aDctNzc4Ms4AA1W0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS02N2M2LXE0ajQtaGNjZ84AA1WM
Flarum vulnerable to LFI and Blind SSRF via Avatar upload
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 9 months ago
High
GSA_kwCzR0hTQS1tNnBmLWNtM2YtNzg3Ns4AA1Tn
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS0zdmY1LXhtMnAtNm1oNc4AA1R0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS03cnZwLXhxajctcnhmMs4AA1QS
Daylight Studio FUEL-CMS SQLi Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00ODQ3LWdxeHgtdjl4cM4AA1QC
ThinkCMF Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ydmpwLWo1ajQtYzlqNc4AA1P9
Gila CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12NGdyLXY2NzktNDJwN84AA1La
PrestaShop file deletion via CustomerMessage
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0ycmY1LTNmdzgtcW00N84AA1LZ
PrestaShop file deletion via attachment API
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
PrestaShop file access through path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2