Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Browse all Security Advisories for packagist

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtcDV3My01bTI1
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cjItaGo1Yy04ang2
SSRF in adminer
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwZ3gtZ2NwaC1tcHFy
vrana/adminer via XSS in the history parameter in SQL command
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2ZzQtOXJjMi13dmNy
Generation of fake documents via public GET-call
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzktMzVwMi1xMmM1
Steam Socialite Provider v1 does not correctly validate openid server
Ecosystems: packagist
Packages: socialiteproviders/steam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3djQtZ202ai1jdzlt
XSS in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzZ2ctN3d4Mi1jcTNo
XSS in Flarum Sticky extension
Ecosystems: packagist
Packages: flarum/sticky
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3gtNGd4eC1oNDhm
Users can edit the tags of any discussion
Ecosystems: packagist
Packages: flarum/tags
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NDQtNzY0Ny14Znc5
Blind SQL injection in PrestaShop productcomments module
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djktMmZweC1qNWc5
CSV Injection vulnerability with exported contact lists in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OTgtZng5ai03Yzc4
Disabled users able to log in with third party SSO plugin
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NzQtang3bS14Nmh2
XSS vulnerability in theme config file in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjZjctY2o4cS1wY2pt
XSS vulnerability in Author URL of themes in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3ctMmM3Mi00Yzg5
Mautic users able to download any files from server using filemanager
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d2otajNqYy04NTht
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3angtajc3bS13cDY1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXgtanc2cC1xM3Jm
Cross-Site Scripting in Fluid view helpers
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bXItNjQyOC04N3c5
Cross-Site Scripting in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczaDgtY2c5eC00N3F3
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1NGotZjI3ci1jajUy
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0dnAtcm1xdi01ODc1
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3anItNmZqNy1mYzZo
Local File Inclusion by unauthenticated users
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwam0tM3d3NS02Y3Bm
Cross-Site Scripting through Fluid view helper arguments
Ecosystems: packagist
Packages: typo3fluid/fluid
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4dzQtdzc3dy1xdjN3
Reflected XSS with parameters in PostComment
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyZmgtZnA0eC1jcnJx
Persistent XSS in newsletter module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZnctODhocS02am1t
Persistent XSS in shopping worlds
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjktN3E0Zy1wbXZt
Persistent XSS in customer module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqcTYtdzVjZy13bTQ1
Exploitable inventory component chaining in PocketMine-MP
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwd3ctNGpmNC00aHg4
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NXEtajlwNC0zdnhn
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZ2YtdmZ3Mi1oajI2
RCE via PHP Object injection via SOAP Requests
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmbXYtcTI2OS01NWN3
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4djktcWNyOS13dzlq
Authenticated XML External Entity Processing
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndzQteDYzaC01NDk5
Ability to switch customer email address on account detail page and stay verified
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OXctaGNjbS0yNjV4
Inline attribute values were not processed.
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4MjItcHc1Ny12djM3
XSS vulnerability when listing users on add & modify server pages.
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3MzMtaGp2Ni00aDQ3
Cross-Site Scripting in ternary conditional operator
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3fluid/fluid
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThndjMtM2o3Zi13Zzk0
Potential Remote Code Execution vulnerability
Ecosystems: packagist
Packages: nette/application
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2aHItNTVoZy0zcXd2
Non-persistent XSS in the Storefront in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2YzUtY2Zyci0zODR2
RCE in Third Party Library in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1aHgtNjJyaC1nZzk2
Potential XSS injection In PrestaShop contactform
Ecosystems: packagist
Packages: prestashop/contactform
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNmctZ2pwOC1nZ2c5
personnummer/php vulnerable to Improper Input Validation
Ecosystems: packagist
Packages: personnummer/personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cmctN3Jwci1jd3Iy
Information Disclosure in TYPO3 extension sf_event_mgt
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NGgtNXIyNy03eDNy
RCE in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtdjQtZ21tZi1xMzgy
DataTable Vulnerable to Cross-Site Scripting
Ecosystems: packagist, npm
Packages: datatables/datatables, datatables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3M3gtZjV3eC1meHB3
Cross Site Scripting and RCE in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNweGMtNjdyYy1jNzc1
Cross Site Scripting in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cGotOWc1OS00cHB2
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZjIteG02eC00NnA2
Observable Timing Discrepancy in OpenMage LTS
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmbTQtcHE1OS13ZzZy
Reset Password / Login vulnerability in Sulu
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1bW0tNTM5OS03cjYz
Reliance on Cookies without validation in OctoberCMS
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwcXYteDlobS0zNWo5
Cross-site Scripting vulnerability in Kitodo.Presentation
Ecosystems: packagist
Packages: kitodo/presentation
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3ajUtOWo3Ny1nNGdx
Remote code execution in turn extension for TYPO3
Ecosystems: packagist
Packages: marcwillmann/turn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3Z3ItanZxci0zaHdt
Incorrect access control in typo3_forum
Ecosystems: packagist
Packages: mittwald/typo3_forum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4OTQtZnY1aC01cTJj
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dnItM203NC1qd3hw
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRoNDQtdzZmbS01NDhn
Potential Remote Code Execution in TYPO3 with mediace extension
Ecosystems: packagist
Packages: friendsoftypo3/mediace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzamotMnJ3Yy0ybTNm
Broken access control on files
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3Z2YtM3hwNy1jeGo0
Potentially sensitive data exposure in Symfony Web Socket Bundle
Ecosystems: packagist
Packages: gos/web-socket-bundle
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyOTUtNG1xNS1yM2Zo
Phar unserialization vulnerability in phpMussel
Ecosystems: packagist
Packages: Maikuolan/phpMussel, phpmussel/phpmussel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04
CSRF issue on preview pages in Bolt CMS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4cTMtN3dqcC03cTNq
The filename of uploaded files vulnerable to stored XSS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4d2gtNmp3NC0yaDc5
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Ecosystems: packagist
Packages: rainlab/debugbar-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnNngteHg3OC00NDhj
Reflected XSS when importing CSV in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NnYtZnZ2eC00OTMy
Arbitrary File Deletion vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2YtYzJqNS1yeDJm
Local File read vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3aHgtZnF4dy1ydnZq
Insufficient output escaping of attachment names in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4dnItcjkybS1xOWh3
XSS in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxZzgtY3J4OS1nOG00
Backend Same-Site Request Forgery in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3ajktNDM0eC05aHZw
Insecure Deserialization in Backend User Settings in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyeGgtaDZoOS1xcnFj
Class destructors causing side-effects when being unserialized in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNzctZ2czNi05ODY0
Cross-Site Scripting in TYPO3 CMS Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2otbWoydy13aDQ2
Cross-Site Scripting in TYPO3 CMS Form Engine
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0N3gtODc3cC1oY3d4
Information Disclosure in Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5Y2YtbTd2NS13aDV3
Cross-Site Scripting in SVG Sanitizer
Ecosystems: packagist
Packages: t3g/svg-sanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 717
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
moodle/moodle 367 magento/community-edition 235 typo3/cms 174 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 thorsten/phpmyfaq 70 symfony/symfony 69 concrete5/concrete5 60 shopware/platform 52 baserproject/basercms 47 craftcms/cms 46 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 snipe/snipe-it 35 zendframework/zendframework1 34 shopware/shopware 30 getgrav/grav 29 mediawiki/core 28 centreon/centreon 27 prestashop/prestashop 26 magento/core 24 contao/core-bundle 24 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 getkirby/cms 22 tribalsystems/zenario 22 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 forkcms/forkcms 18 topthink/framework 18 cockpit-hq/cockpit 18 opencart/opencart 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 openmage/magento-lts 16 phpbb/phpbb 16 typo3/cms-backend 16 yetiforce/yetiforce-crm 16 smarty/smarty 15 ec-cube/ec-cube 15 october/system 15 symfony/security-http 15 silverstripe/cms 14 dompdf/dompdf 14 feehi/cms 14 bolt/bolt 14 phpmailer/phpmailer 14 impresscms/impresscms 13 admidio/admidio 13 pimcore/admin-ui-classic-bundle 13 codeigniter4/framework 13 studio-42/elfinder 13 sylius/sylius 13 lavalite/cms 13 elefant/cms 13 phpoffice/phpspreadsheet 12 phpmyfaq/phpmyfaq 12 wwbn/avideo 12 symfony/http-foundation 12 pagekit/pagekit 11 tinymce 11 TinyMCE 11 nukeviet/nukeviet 11 ezsystems/ezplatform-kernel 11 tinymce/tinymce 11 wallabag/wallabag 11 feehi/feehicms 11 ssddanbrown/bookstack 10 yiisoft/yii2 10 ezsystems/ezpublish-legacy 10 sulu/sulu 10 october/october 10 org.webjars:bootstrap 9 bootstrap 9 twbs/bootstrap 9 bootstrap 9 concrete5/core 9 kevinpapst/kimai2 9 contao/core 9 statamic/cms 9 bootstrap 9 alextselegidis/easyappointments 9 pterodactyl/panel 8 silverstripe/admin 8 composer/composer 8 october/cms 8 twig/twig 8 facturascripts/facturascripts 8 mantisbt/mantisbt 8 ezsystems/ezplatform-admin-ui 8 gilacms/gila 8 silverstripe/graphql 8 pimcore/customer-management-framework-bundle 8 croogo/croogo 8 codiad/codiad 8 passbolt/passbolt_api 7 october/backend 7 symfony/http-kernel 7 bootstrap.sass 7 wpglobus/wpglobus 7 billz/raspap-webgui 7 bootstrap-sass 7 flarum/core 7 backdrop/backdrop 7 guzzlehttp/guzzle 6 nystudio107/craft-seomatic 6 vrana/adminer 6 gleez/cms 6 directmailteam/direct-mail 6 dweeves/magmi 6 yiisoft/yii2-dev 6 phpseclib/phpseclib 6 yourls/yourls 6 icecoder/icecoder 6 oro/platform 6 in2code/femanager 6 bagisto/bagisto 6 pear/archive_tar 6 zoujingli/thinkadmin 6 phpservermon/phpservermon 5 neos/flow 5 neos/neos 5 symfony/security-core 5 thinkcmf/thinkcmf 5 typo3/flow 5 phpxmlrpc/phpxmlrpc 5 ibexa/core 5 bootstrap-sass 5 woocommerce/woocommerce 5 mautic/core-lib 5 elgg/elgg 5 simplesamlphp/saml2 5 anchorcms/anchor-cms 5 symfony/security-bundle 5 typo3/cms-install 5 gugoan/economizzer 5 illuminate/database 5 codeigniter/framework 5 cachethq/cachet 5 silverstripe/assets 5 kimai/kimai 5 bottelet/flarepoint 5 limesurvey/limesurvey 5 zendframework/zendopenid 4 adodb/adodb-php 4 spatie/browsershot 4 shopware/storefront 4 notrinos/notrinos-erp 4 wp-premium/gravityforms 4 wintercms/winter 4 pyrocms/pyrocms 4 ezsystems/ezplatform 4 processwire/processwire 4 magento/product-community-edition 4 bytefury/crater 4 idno/known 4 shopxo/shopxo 4 automad/automad 4 codeigniter4/shield 4 evolutioncms/evolution 4 typo3/html-sanitizer 4 appwrite/server-ce 4 sylius/resource-bundle 4 reportico-web/reportico 4 bref/bref 4 oro/commerce 4 modx/revolution 4 friendsofsymfony/user-bundle 4 ezyang/htmlpurifier 4 typo3/cms-frontend 4 bbpress/bbpress 3 redaxo/source 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 zencart/zencart 3 apache-solr-for-typo3/solr 3 zendframework/zend-diactoros 3 ibexa/admin-ui 3 in2code/powermail 3 typo3/neos 3 joomla/framework 3 rudloff/alltube 3
Filter by Repository
https://github.com/moodle/moodle 218 https://github.com/pimcore/pimcore 113 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/Dolibarr/dolibarr 56 https://github.com/shopware/platform 43 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 34 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/centreon/centreon-archived 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/smarty-php/smarty 12 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/tinymce/tinymce 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/yiisoft/yii2 11 https://github.com/Sylius/Sylius 11 https://github.com/Studio-42/elFinder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/WWBN/AVideo 11 https://github.com/opencart/opencart 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/sulu/sulu 10 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/wallabag/wallabag 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/statamic/cms 8 https://github.com/Froxlor/Froxlor 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/pterodactyl/panel 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/mantisbt/mantisbt 8 https://github.com/GilaCMS/gila 8 https://github.com/twbs/bootstrap 7 https://github.com/twigphp/Twig 7 https://github.com/croogo/croogo 7 https://github.com/pagekit/pagekit 7 https://github.com/passbolt/passbolt_api 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/flarum/framework 7 https://github.com/RaspAP/raspap-webgui 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/composer/composer 7 https://github.com/phpseclib/phpseclib 6 https://github.com/bookstackapp/bookstack 6 https://github.com/oroinc/orocommerce 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/gleez/cms 6 https://github.com/vrana/adminer 6 https://github.com/ezsystems/ezplatform-admin-ui 6 https://github.com/LimeSurvey/LimeSurvey 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/silverstripe/silverstripe-graphql 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/zendframework/zf1 5 https://github.com/backdrop/backdrop 5 https://github.com/nukeviet/nukeviet 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/shopware5/shopware 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/Admidio/admidio 5 https://github.com/jbroadway/elefant 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/pear/Archive_Tar 5 https://github.com/ibexa/core 5 https://github.com/contao/core 5 https://github.com/oroinc/platform 5 https://github.com/ADOdb/ADOdb 4 https://github.com/phpservermon/phpservermon 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/codeigniter4/shield 4 https://github.com/oroinc/crm 4 https://github.com/Sylius/SyliusResourceBundle 4 https://github.com/appwrite/appwrite 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/ezsystems/ezplatform 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/BookStackApp/BookStack 4 https://github.com/reportico-web/reportico 4 https://github.com/kimai/kimai 4 https://github.com/bagisto/bagisto 4 https://github.com/brefphp/bref 4 https://github.com/phpbb/phpbb 3 https://github.com/ezsystems/ezplatform-richtext 3 https://github.com/Rudloff/alltube 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/phpbb/phpbb-app 3 https://github.com/xjzzzxx/vulFound 3 https://github.com/facade/ignition 3 https://github.com/PrivateBin/PrivateBin 3 https://github.com/PrestaShop/productcomments 3 https://github.com/dd3x3r/enhavo 3 https://github.com/flarum/core 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/alexbsec/CVEs 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/pixelfed/pixelfed 3 https://github.com/idno/known 3 https://github.com/in2code-de/femanager 3 https://github.com/in2code-de/powermail 3 https://github.com/modxcms/revolution 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/livewire/livewire 3 https://github.com/liufee/feehicms 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/wikimedia/mediawiki 3 https://github.com/verbb/comments 3 https://github.com/concrete5/concrete5 3 https://github.com/woocommerce/woocommerce 3 https://github.com/getformwork/formwork 3 https://github.com/aimeos/ai-admin-graphql 3 https://github.com/artesaos/seotools 3 https://github.com/orchidsoftware/platform 3 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/scheb/two-factor-bundle 2 https://github.com/ethercreative/logs 2 https://github.com/jquery/jquery 2 https://github.com/ezsystems/repository-forms 2 https://github.com/z-song/laravel-admin 2 https://github.com/pyrocms/pyrocms 2 https://github.com/sartlabs/0days 2 https://github.com/marcantondahmen/automad 2 https://github.com/robrichards/xmlseclibs 2 https://github.com/Ek-Saini/security 2 https://github.com/KnpLabs/snappy 2 https://github.com/Elgg/Elgg 2 https://github.com/jqhph/dcat-admin 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/joomla/joomla-cms 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/fuel/core 2 https://github.com/froxlor/Froxlor 2 https://github.com/aimeos/ai-client-html 2 https://github.com/aimeos/ai-controller-frontend 2