Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Browse all Security Advisories for packagist

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyeGYtOGg5cC1jNnFq
Cross-Site Request Forgery in forkcms
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ2ctd3g2Ny03cWZ2
Command Injection in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdmYtcmZtcS1xd2Y4
Croos-site scripting in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFweHctNjQ3My1wcHd3
Session Fixation in Subrion CMS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3bXItd2M3OS1tOGoz
PHPMailer untrusted code may be run from an overridden address validator
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNDQtcjI1eC13bTRx
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yd3ItMjk0NS1mcjIy
Cross-site scripting in PageKit
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dngtOGNoeC1xdm1t
Form validation can be skipped
Ecosystems: packagist
Packages: neos/form
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scripting
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmY2YtbTY3bS1qY3Jx
Authentication granted to all firewalls instead of just one
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwaDMtNDRyai05MnBy
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtNTgtY3Z2bS1jNXFy
elFinder unsafe upload filtering leading to remote code execution
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nMmctOHB3ai1yMmoy
Authentication bypass in SilverStripe GraphQL
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1bWYtcTc2cS1mMnhx
Cross-site scripting in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyZzQtMjY2Yy1qcXc2
Predictable CSRF tokens in centreon/centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNDUtajNtNS04cWZx
Server-Side Request Forgery in Feehi CMS
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NWgtNHcyZy1neHhj
SQL Injection in t3/dce
Ecosystems: packagist
Packages: t3/dce
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4Y20tMzZxdy1qMjl2
SQL Injection in tribalsystems/zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhweG0tcGY3Zy0yNTM0
Cross-site scripting in media2click
Ecosystems: packagist
Packages: amazing/media2click
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoY20tamo0eC00Z21y
reflected XSS in tribalsystems/zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGYtcWY5Zi01Zmd3
Remote code execution in zendframework and laminas-http
Ecosystems: packagist
Packages: laminas/laminas-http, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5dzgtaHE5Mi12Mzlt
Cross-site Scripting (XSS) in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczOXEtZjRybS04NXg0
OS Command Injection in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cDUteDlmOS12dnB4
Cross-site Scripting (XSS) in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxanEtNjl3Ni1mZzU3
XSS vulnerability with translator
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzN2gtajQ4My1jampt
Improper rate limiting in Koel
Ecosystems: packagist
Packages: phanan/koel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTYtcjc5cS1oZmd3
Denial of service in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0ycTQtcWdoaC1wOWNx
Server-Side Request Forgery in yoast_seo
Ecosystems: packagist
Packages: yoast-seo-for-typo3/yoast_seo
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2eHYtd3B2NC1mNTJw
Information leakage in Error Handler
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2cDctOHhmdy1manFx
Authenticated Stored XSS in Administration
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3Z20tZjgzci12M3Fq
Improper Certificate Validation in WP-CLI framework
Ecosystems: packagist
Packages: wp-cli/wp-cli
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcycWotcG14bS05Zjhm
User enumeration in authentication mechanisms
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmcngtajloai02YzY1
User enumeration in authentication mechanisms
Ecosystems: packagist
Packages: lexik/jwt-authentication-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwdjgtcHB2ai00aDY4
Prevent user enumeration using Guard or the new Authenticator-based Security
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjeDktN3hxYy0yanht
Reflected cross-site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2N20td2M3Zy03Z2Zw
Cross-Site Request Forgery in MAGMI
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0NzUtcGNoNS02d3Z2
Authentication bypass in MAGMI
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2OHItNXA0NS01cnFw
Improper Input Validation in Laravel
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2Zm0tdjl3di01Nmpm
Cross-site Scripting in OpenCart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqbWgtYzZ2ci1wbXZt
SQL Injection in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0N2YtdnAzcC01ajZo
"Cross-site scripting in ThinkAdmin"
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcXYtZ2NyMy1wZmY5
Cross-site scripting in phpoffice/phpspreadsheet
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4Y2otbXZmOS1tcGM5
OS Command injection in Bolt
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2Z2YtbXJyNC1jdzdy
Cross-Site Request Forgery in ForkCMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OWYtcDU2Zy1nNzV2
SQL Injection in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcjgtNnE3ci1tNHdn
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncDQtNXF4Ni01NDhn
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNDgtZjkzeC05Z3g0
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Ecosystems: packagist
Packages: zendesk/zendesk_api_client_php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtZzktdmh4cS12bTdq
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtanBxNy02YzU0
Insecure Deserialization of untrusted data in rmccue/requests
Ecosystems: packagist
Packages: rmccue/requests
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1aDgtcGM2aC1qdnZ4
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0OHctdmYzYy1ycWp4
Cross-Site Scripting in Bootstrap Package
Ecosystems: packagist
Packages: bk2k/bootstrap-package
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1YzUtZjRndy0zOHI5
Multiple vulnerabilities through filename manipulation in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoNXgtaGZoZy03OGpx
Deserialization of Untrusted Data in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwdzYtOXhmeC1qdmN4
Directory Traversal in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cmYtOTQyOC01Mjdt
Backport for CVE-2021-21024 Blind SQLi from Magento 2
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00OTYteDU2Ny1mOThj
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cjQtcDk2ai14Znhj
Grav's Twig processing allowing dangerous PHP functions by default
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwY3ItNDk4Mi01NDht
Exposure of .env if project root is configured as web root in shopware/production
Ecosystems: packagist
Packages: shopware/production
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnN2MtcTN2cS1yZ3hy
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmanAtZzRtNy1meDIz
User (Encrypted) Password Field Being Serialised
Ecosystems: packagist
Packages: pwweb/laravel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmNHctZmc3ci01djk0
Improper Certificate Validation in phpseclib
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3ZngtaGgzdy1majk5
Potential XSS injection in the newsletter conditions field
Ecosystems: packagist
Packages: prestashop/ps_emailsubscription
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRoanEtNDIycS00dnB4
Mautic vulnerable to secret data exfiltration via symfony parameters
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzd2gtMzVyNC02cW13
Moodle allowed some users without permission to view other users' full names
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4MzMtaDMydy02dnIy
Cross site-scripting (XSS) moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnY3AtbTY5aC1wMmdy
Cross-site Scripting (XSS) in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3ItcnA5Ny03cnY0
Privilage Escalation in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aHEtZzRxOC13ODkz
Privilage Escalation in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aHgtZ21obS02MjNj
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoOHYtMnY4eC1oMjY0
SQL Injection in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyanAtaGg2NS00eHZm
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNHItODM0Mi1qbWM5
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Ecosystems: packagist
Packages: fluidtypo3/vhs
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj
Unauthenticated remote code execution in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
Ecosystems: packagist
Packages: pressbooks/pressbooks
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnd3ItNzczcS03ajNj
Path Traversal within joomla/archive zip class
Ecosystems: packagist
Packages: joomla/archive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhncGYtcDUyai1wZjdt
XSS in CreateQueuedJobTask
Ecosystems: packagist
Packages: symbiote/silverstripe-queuedjobs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3aGMteDdmbS1mN3Fo
Cross-Site Scripting in Content Preview (CType menu)
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw
Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3OWotd2dxdi1nOGgy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Zzctanc5bS1wYzNm
Broken Access Control in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqaDMtZzhncS05cTky
Cross-Site Scripting in Content Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4M3ctNDg2NC05NGNo
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtampnYy1oM3I4
Authenticated remote code execution
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyOWctZzk4Mi1wd3B2
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcmYtOTlndy12dndq
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2d2ctMzloOC04cXA4
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1aHItam00ai05anZx
Sandbox escape through template_object in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNycGYtNXJxdi02ODlx
PHP Code Injection by malicious function name in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3ZjktY3ZoNS1xdzdm
Path traversal in pimcore/pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4OGctcXg0Mi14ZnJo
Path traversal in bolt/core
Ecosystems: packagist
Packages: bolt/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 717
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 contao/core-bundle 24 magento/core 24 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 getkirby/cms 22 tribalsystems/zenario 22 laravel/framework 20 funadmin/funadmin 20 contao/contao 19 topthink/framework 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 francoisjacquet/rosariosis 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 opencart/opencart 17 genix/cms 17 symfony/security 17 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 typo3/cms-backend 16 openmage/magento-lts 16 ec-cube/ec-cube 15 symfony/security-http 15 smarty/smarty 15 october/system 15 phpmailer/phpmailer 14 feehi/cms 14 bolt/bolt 14 silverstripe/cms 14 dompdf/dompdf 14 lavalite/cms 13 elefant/cms 13 admidio/admidio 13 studio-42/elfinder 13 sylius/sylius 13 pimcore/admin-ui-classic-bundle 13 impresscms/impresscms 13 codeigniter4/framework 13 phpoffice/phpspreadsheet 12 phpmyfaq/phpmyfaq 12 wwbn/avideo 12 symfony/http-foundation 12 feehi/feehicms 11 wallabag/wallabag 11 TinyMCE 11 pagekit/pagekit 11 tinymce/tinymce 11 tinymce 11 ezsystems/ezplatform-kernel 11 nukeviet/nukeviet 11 ezsystems/ezpublish-legacy 10 sulu/sulu 10 ssddanbrown/bookstack 10 october/october 10 yiisoft/yii2 10 alextselegidis/easyappointments 9 bootstrap 9 bootstrap 9 org.webjars:bootstrap 9 twbs/bootstrap 9 bootstrap 9 concrete5/core 9 statamic/cms 9 contao/core 9 kevinpapst/kimai2 9 silverstripe/graphql 8 silverstripe/admin 8 pterodactyl/panel 8 mantisbt/mantisbt 8 codiad/codiad 8 croogo/croogo 8 composer/composer 8 pimcore/customer-management-framework-bundle 8 ezsystems/ezplatform-admin-ui 8 twig/twig 8 october/cms 8 gilacms/gila 8 facturascripts/facturascripts 8 wpglobus/wpglobus 7 flarum/core 7 passbolt/passbolt_api 7 october/backend 7 bootstrap-sass 7 billz/raspap-webgui 7 bootstrap.sass 7 backdrop/backdrop 7 symfony/http-kernel 7 pear/archive_tar 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 vrana/adminer 6 oro/platform 6 icecoder/icecoder 6 phpseclib/phpseclib 6 gleez/cms 6 bagisto/bagisto 6 directmailteam/direct-mail 6 in2code/femanager 6 yourls/yourls 6 zoujingli/thinkadmin 6 nystudio107/craft-seomatic 6 dweeves/magmi 6 silverstripe/assets 5 ibexa/core 5 limesurvey/limesurvey 5 neos/neos 5 bootstrap-sass 5 phpxmlrpc/phpxmlrpc 5 simplesamlphp/saml2 5 phpservermon/phpservermon 5 kimai/kimai 5 anchorcms/anchor-cms 5 cachethq/cachet 5 thinkcmf/thinkcmf 5 illuminate/database 5 woocommerce/woocommerce 5 codeigniter/framework 5 mautic/core-lib 5 elgg/elgg 5 symfony/security-bundle 5 gugoan/economizzer 5 bottelet/flarepoint 5 typo3/cms-install 5 symfony/security-core 5 typo3/flow 5 neos/flow 5 wintercms/winter 4 bytefury/crater 4 codeigniter4/shield 4 ezyang/htmlpurifier 4 pyrocms/pyrocms 4 typo3/cms-frontend 4 friendsofsymfony/user-bundle 4 typo3/html-sanitizer 4 processwire/processwire 4 sylius/resource-bundle 4 automad/automad 4 notrinos/notrinos-erp 4 appwrite/server-ce 4 shopxo/shopxo 4 zendframework/zendopenid 4 spatie/browsershot 4 modx/revolution 4 magento/product-community-edition 4 adodb/adodb-php 4 evolutioncms/evolution 4 ezsystems/ezplatform 4 wp-premium/gravityforms 4 oro/commerce 4 idno/known 4 reportico-web/reportico 4 bref/bref 4 shopware/storefront 4 symfony/form 3 artesaos/seotools 3 tecnickcom/tcpdf 3 amphp/http-client 3 typo3/phar-stream-wrapper 3 symfony/framework-bundle 3 quickapps/cms 3 bbpress/bbpress 3 redaxo/source 3 in2code/powermail 3 zendframework/zend-http 3 livewire/livewire 3
Filter by Repository
https://github.com/moodle/moodle 218 https://github.com/pimcore/pimcore 113 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/Dolibarr/dolibarr 56 https://github.com/shopware/platform 43 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 34 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/centreon/centreon-archived 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/smarty-php/smarty 12 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/tinymce/tinymce 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/yiisoft/yii2 11 https://github.com/Sylius/Sylius 11 https://github.com/Studio-42/elFinder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/WWBN/AVideo 11 https://github.com/opencart/opencart 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/sulu/sulu 10 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/wallabag/wallabag 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/statamic/cms 8 https://github.com/Froxlor/Froxlor 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/pterodactyl/panel 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/mantisbt/mantisbt 8 https://github.com/GilaCMS/gila 8 https://github.com/twbs/bootstrap 7 https://github.com/twigphp/Twig 7 https://github.com/croogo/croogo 7 https://github.com/pagekit/pagekit 7 https://github.com/passbolt/passbolt_api 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/flarum/framework 7 https://github.com/RaspAP/raspap-webgui 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/composer/composer 7 https://github.com/phpseclib/phpseclib 6 https://github.com/bookstackapp/bookstack 6 https://github.com/oroinc/orocommerce 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/gleez/cms 6 https://github.com/vrana/adminer 6 https://github.com/ezsystems/ezplatform-admin-ui 6 https://github.com/LimeSurvey/LimeSurvey 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/silverstripe/silverstripe-graphql 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/zendframework/zf1 5 https://github.com/backdrop/backdrop 5 https://github.com/nukeviet/nukeviet 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/shopware5/shopware 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/Admidio/admidio 5 https://github.com/jbroadway/elefant 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/contao/core 5 https://github.com/oroinc/platform 5 https://github.com/ADOdb/ADOdb 4 https://github.com/phpservermon/phpservermon 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/codeigniter4/shield 4 https://github.com/oroinc/crm 4 https://github.com/Sylius/SyliusResourceBundle 4 https://github.com/appwrite/appwrite 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/ezsystems/ezplatform 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/BookStackApp/BookStack 4 https://github.com/reportico-web/reportico 4 https://github.com/kimai/kimai 4 https://github.com/bagisto/bagisto 4 https://github.com/brefphp/bref 4 https://github.com/phpbb/phpbb 3 https://github.com/ezsystems/ezplatform-richtext 3 https://github.com/Rudloff/alltube 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/phpbb/phpbb-app 3 https://github.com/xjzzzxx/vulFound 3 https://github.com/facade/ignition 3 https://github.com/PrivateBin/PrivateBin 3 https://github.com/PrestaShop/productcomments 3 https://github.com/dd3x3r/enhavo 3 https://github.com/flarum/core 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/alexbsec/CVEs 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/idno/known 3 https://github.com/in2code-de/femanager 3 https://github.com/in2code-de/powermail 3 https://github.com/modxcms/revolution 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/livewire/livewire 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/wikimedia/mediawiki 3 https://github.com/verbb/comments 3 https://github.com/concrete5/concrete5 3 https://github.com/woocommerce/woocommerce 3 https://github.com/getformwork/formwork 3 https://github.com/aimeos/ai-admin-graphql 3 https://github.com/artesaos/seotools 3 https://github.com/orchidsoftware/platform 3 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/scheb/two-factor-bundle 2 https://github.com/ethercreative/logs 2 https://github.com/jquery/jquery 2 https://github.com/ezsystems/repository-forms 2 https://github.com/z-song/laravel-admin 2 https://github.com/pyrocms/pyrocms 2 https://github.com/sartlabs/0days 2 https://github.com/marcantondahmen/automad 2 https://github.com/robrichards/xmlseclibs 2 https://github.com/Ek-Saini/security 2 https://github.com/KnpLabs/snappy 2 https://github.com/Elgg/Elgg 2 https://github.com/jqhph/dcat-admin 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/joomla/joomla-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/fuel/core 2 https://github.com/froxlor/Froxlor 2 https://github.com/aimeos/ai-client-html 2 https://github.com/aimeos/ai-controller-frontend 2