Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
High
GSA_kwCzR0hTQS03MjVtLXc4MzItcTk3M84AA1_U
Composer allows cache poisoning from other projects built on the same host
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
GSA_kwCzR0hTQS02NzczLXJmanYtYzU0d84AA18-
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycThjLWdxZjQtbWczds4AA17s
Cross site scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02cWpmLTdnM2otcXgyNc4AA17k
Neos CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: neos/media-browser
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xeHJxLTM3NnEtcDM5aM4AA14y
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xanB3LXJnNTYtamg4ds4AA143
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01amptLXFwNDgtcXA4Ns4AA144
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tNmpqLWZnbWgtM3A4cs4AA145
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01N20yLW1wYzctZ3dneM4AA14x
LibreNMS Code Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcDNjLWc0NnYtamcyY84AA14w
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1odnBxLTd2Y2MtNWhqNc4AA14n
Froala Editor Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05MmpoLWd3Y2gtanEzOM4AA13q
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
High
GSA_kwCzR0hTQS03OXJjLWpqaDYtcmM4Oc4AA13p
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wOXE4LTd4MjItNXg3N84AA10m
Cecil Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cecil/cecil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1xOGhyLTR3NTgtOTg1cM4AA10n
Cecil Path Traversal vulnerability
Ecosystems: packagist
Packages: cecil/cecil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05MzU4LWNwdngtYzJxcM4AA1zS
Magento LTS's guest order "protect code" can be brute-forced too easily
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00Y3B2LTY2OWMtcjc5eM4AA1yz
Prevent injection of invalid entity ids for "autocomplete" fields
Ecosystems: packagist
Packages: symfony/ux-autocomplete
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zOHZmLTM1Y2ctbTczd84AA1xn
Cockpit CMS arbitrary file upload vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03NDIyLTdycTYtajRxds4AA1lO
Badaso vulnerable to cross-site scripting
Ecosystems: packagist
Packages: uasoft-indonesia/badaso
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related data
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1qNm1wLWh4NGctcDNnbc4AA1iV
Command injection in pagekit
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05OWZnLTJoNzUtbTkyaM4AA1iJ
Spipu HTML2PDF vulnerable to cross-site scripting
Ecosystems: packagist
Packages: spipu/html2pdf
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qeGN4LTNoNTQtcXF4eM4AA1eO
SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05M3d4LWoycXYtNDlmZ84AA1d4
hCaptcha for EXT:form Broken Access Control vulnerability
Ecosystems: packagist
Packages: waldhacker/hcaptcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01OTl2LWgzcTUtZzZyOc4AA1aZ
Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wOGdwLTg5OWMtanZxOc4AA1aY
Wallabag user can reset data unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nanZjLTU1ZnctdjZ2cc4AA1aX
Wallabag user can delete own API client unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 9 months ago
High
GSA_kwCzR0hTQS00NHdyLXJtd3EtM3Bod84AA1aT
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nM212LTY0aDMtaDQ4Ms4AA1ZA
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1mZjQ1LTJqcDktNjlqY84AA1Y1
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1ybWd4LTN3NHIteGNmcM4AA1Y0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04bTY1LXFxNmctNDNycs4AA1Yv
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS01Y3Y0LTQ4aDctNzc4Ms4AA1W0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS02N2M2LXE0ajQtaGNjZ84AA1WM
Flarum vulnerable to LFI and Blind SSRF via Avatar upload
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 9 months ago
High
GSA_kwCzR0hTQS1tNnBmLWNtM2YtNzg3Ns4AA1Tn
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS0zdmY1LXhtMnAtNm1oNc4AA1R0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00ODQ3LWdxeHgtdjl4cM4AA1QC
ThinkCMF Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS03cnZwLXhxajctcnhmMs4AA1QS
Daylight Studio FUEL-CMS SQLi Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ydmpwLWo1ajQtYzlqNc4AA1P9
Gila CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12NGdyLXY2NzktNDJwN84AA1La
PrestaShop file deletion via CustomerMessage
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0ycmY1LTNmdzgtcW00N84AA1LZ
PrestaShop file deletion via attachment API
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
PrestaShop file access through path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
High
GSA_kwCzR0hTQS14dzJyLWY4eHYtYzh4cM4AA1LX
PrestaShop XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tOXI0LTNmZzctcHFtMs4AA1LV
PrestaShop path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03NXA1LWp3eDQtcXc5aM4AA1LU
PrestaShop boolean SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
High
GSA_kwCzR0hTQS13M3FtLTkzdmYtNWhyd84AA1Ej
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS14Y3EzLTdwZjMtNWp2Y84AA1Ei
Cockpit PHP Remote File Inclusion vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xcThtLTlycHgtdzJmbc4AA1EV
Admidio Insufficient Session Expiration vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1meGM1LXByNjgtMnB4M84AA1Dx
omeka/omeka-s Improper Input Validation vulnerability
Ecosystems: packagist
Packages: omeka/omeka-s
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13N3ZtLTR2M2otdmdwd84AA1Db
PyroCMS remote code execution vulnerability
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13bXdmLTQ5dnYtcDNtcs4AA1Cm
Sulu Observable Response Discrepancy on Admin Login
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zNGhqLXY4Zm0teDg4N84AA1CJ
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03MzVmLXc3OXAtMjgyeM4AA1CI
pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 10 months ago
High
GSA_kwCzR0hTQS03cjg4LXdqaGotanI4bc4AA0-w
RaspAP Command Injection vulnerability
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03YzI4LXdnN3ItcGc2Zs4AA0-u
RaspAP Command Injection vulnerability
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00cTY2LWc0bW0tOHJnNc4AA0-O
Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1xOXZtLTI5cGgtcDdtcM4AA09H
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 10 months ago
High
GSA_kwCzR0hTQS0yeHZ4LTM2OGgtcWNtds4AA09I
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 10 months ago
High
GSA_kwCzR0hTQS14NW1yLXA2djQtd3A5M84AA08O
Field injection in the KirbyData text storage handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 10 months ago
High
GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N
Insufficient Session Expiration after a password change
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xMzg2LXc2ZmctZ21ncM4AA08M
XML External Entity (XXE) vulnerability in the XML data handler
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zdjZqLXYzcWMtY3hmZs4AA08K
Denial of service from unlimited password lengths
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yNDd2LXJ4Y2ctcDI4as4AA05v
Stored Cross-Site Scripting October CMS
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tOGZ3LXAzY3ItNmpxY84AA04p
Cross-Site Scripting in CKEditor4 WordCount Plugin
Ecosystems: packagist
Packages: typo3/cms-rte-ckeditor
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01OWpmLTNxOXYtcmg2Z84AA04l
By-passing Cross-Site Scripting Protection in HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00Z3ByLXA2MzQtOTIyeM4AA04d
Cross site scripting via input unit widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1yODdyLTk4MnEtMmMzcc4AA01l
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 10 months ago
High
GSA_kwCzR0hTQS1jOWh3LTU1N3EtZjhocc4AA01k
Pimcore vulnerable to SQL Injection in Dataobjects sorting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03OHEyLWN2M3AteDlmbc4AA01Y
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12bXB2LXFqaHEtcjQ2M84AA01a
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 10 months ago
High
GSA_kwCzR0hTQS00NWcyLXIzMzktcGp3Zs4AA00m
Cockpit CMS Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS05cjI1LTRqNzctOXdjN84AA001
Cockpit CMS vulnerable to incorrect access control
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS05NDM2LTNnbXAtNGY1M84AA0zw
grav Server-side Template Injection (SSTI) mitigation bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04YzZxLTI2dzYtcXdoZ84AA0u3
Easy!Appointments Improper Access Control vulnerability
Ecosystems: packagist
Packages: alextselegidis/easyappointments
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xMzQ3LWpyeDgtNXB3Oc4AA0uP
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS03eHIyLThmZjctNmZqcc4AA0t9
zenstruck/collection passing callable string to EntityRepository::find() and query()
Ecosystems: packagist
Packages: zenstruck/collection
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS03d3J2LTZoNDItdzU0Zs4AA0t5
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1yeHA1LXF3cmYtcGZ2M84AA0ta
Pimcore SQL Injection vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1jNnY1LXBmNjYteGZxOM4AA0tO
Froxlor vulnerable to Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02NjdyLXA0Z2ctN20ycc4AA0sU
ImpressCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ocXY5LTZqcXctOWc4bc4AA0pt
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1waDZnLXA3MnYtcGMzcM4AA0m1
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12eDM1LWYzNzktNHE0Oc4AA0ie
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02cXE3LTNocWMtcDV3NM4AA0h8
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01MjRyLXc4ZngtaHFnM84AA0iI
TeamPass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 10 months ago
High
GSA_kwCzR0hTQS0ycmhnLWhxcTktOHhqaM4AA0f_
TeamPass information exposure vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
High
GSA_kwCzR0hTQS0yY3Y1LXF2cTMtNjI3Ns4AA0f-
TeamPass vulnerable to Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05N2htLTJtZnItMnA5N84AA0f9
TeamPass Code Injection vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu
Winter CMS stored XSS through privileged upload of SVG file
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS0zcTc2LWpxNm0tNTczcM4AA0fJ
Archive_Tar contains Potential RCE if filename starts with phar://
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
High
GSA_kwCzR0hTQS1wd3J3LWcyOXEtM21wOM4AA0e2
TeamPass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 11 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 634
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 203 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 nilsteampassnet/teampass 37 froxlor/froxlor 37 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 30 getgrav/grav 29 centreon/centreon 27 shopware/shopware 27 prestashop/prestashop 26 magento/core 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 mediawiki/core 23 getkirby/cms 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 tribalsystems/zenario 20 laravel/framework 19 contao/contao 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 genix/cms 17 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 phpmailer/phpmailer 14 zendframework/zendframework1 14 typo3/cms-backend 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 codeigniter4/framework 13 bolt/bolt 13 elefant/cms 13 lavalite/cms 13 impresscms/impresscms 13 october/system 13 sylius/sylius 12 dompdf/dompdf 12 phpbb/phpbb 12 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 feehi/feehicms 11 silverstripe/cms 11 zendframework/zendframework 11 feehi/cms 11 ezsystems/ezplatform-kernel 11 opencart/opencart 10 ezsystems/ezpublish-legacy 10 wwbn/avideo 10 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 pagekit/pagekit 10 nukeviet/nukeviet 10 wallabag/wallabag 10 kevinpapst/kimai2 9 TinyMCE 9 contao/core 9 funadmin/funadmin 9 ssddanbrown/bookstack 9 tinymce/tinymce 9 october/october 9 tinymce 9 concrete5/core 9 alextselegidis/easyappointments 9 yiisoft/yii2 8 october/cms 8 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 sulu/sulu 8 codiad/codiad 8 flarum/core 7 wpglobus/wpglobus 7 ezsystems/ezplatform-admin-ui 7 mantisbt/mantisbt 7 silverstripe/admin 7 silverstripe/graphql 7 october/backend 7 symfony/http-foundation 7 statamic/cms 7 pterodactyl/panel 7 yiisoft/yii2-dev 6 directmailteam/direct-mail 6 yourls/yourls 6 gleez/cms 6 bagisto/bagisto 6 dweeves/magmi 6 guzzlehttp/guzzle 6 in2code/femanager 6 symfony/http-kernel 6 composer/composer 6 nystudio107/craft-seomatic 6 zoujingli/thinkadmin 6 backdrop/backdrop 6 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 cachethq/cachet 5 automad/automad 5 phpxmlrpc/phpxmlrpc 5 neos/flow 5 billz/raspap-webgui 5 typo3/cms-install 5 elgg/elgg 5 phpseclib/phpseclib 5 neos/neos 5 illuminate/database 5 vrana/adminer 5 symfony/security-core 5 anchorcms/anchor-cms 5 codeigniter/framework 5 pear/archive_tar 5 oro/platform 5 bottelet/flarepoint 5 gugoan/economizzer 5 ibexa/core 5 symfony/security-bundle 4 modx/revolution 4 typo3/html-sanitizer 4 ezsystems/ezplatform 4 oro/commerce 4 phpservermon/phpservermon 4 notrinos/notrinos-erp 4 codeigniter4/shield 4 bref/bref 4 wp-premium/gravityforms 4 idno/known 4 wintercms/winter 4 typo3/cms-frontend 4 kimai/kimai 4 woocommerce/woocommerce 4 appwrite/server-ce 4 magento/product-community-edition 4 friendsofsymfony/user-bundle 4 pyrocms/pyrocms 4 bytefury/crater 4 evolutioncms/evolution 4 spatie/browsershot 4 adodb/adodb-php 4 shopware/storefront 4 sylius/resource-bundle 3 symfony/form 3 amphp/http-client 3 uvdesk/community-skeleton 3 enhavo/enhavo-app 3 zendframework/zendservice-amazon 3 pixelfed/pixelfed 3 zendframework/zendservice-api 3 facade/ignition 3 joomla/joomla-cms 3 twig/twig 3 phenx/php-svg-lib 3 shopxo/shopxo 3 doctrine/orm 3 yiisoft/yii 3 joomla/framework 3 quickapps/cms 3 reportico-web/reportico 3 qcubed/qcubed 3 phpoffice/phpspreadsheet 3 rudloff/alltube 3 ckeditor4 3 verbb/comments 3 icecoder/icecoder 3 typo3/cms-form 3 zencart/zencart 3 processwire/processwire 3 froala/wysiwyg-editor 3 buddypress/buddypress 3 illuminate/auth 3 limesurvey/limesurvey 3 bbpress/bbpress 3 zendframework/zendopenid 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/centreon/centreon-archived 12 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/semplon/GeniXCMS 9 https://github.com/bolt/bolt 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/kevinpapst/kimai2 9 https://github.com/funadmin/funadmin 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/tinymce/tinymce 9 https://github.com/francoisjacquet/rosariosis 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/sulu/sulu 8 https://github.com/TribalSystems/Zenario 8 https://github.com/admidio/admidio 8 https://github.com/Froxlor/Froxlor 8 https://github.com/pimcore/customer-data-framework 8 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/croogo/croogo 7 https://github.com/flarum/framework 7 https://github.com/mantisbt/mantisbt 7 https://github.com/pagekit/pagekit 7 https://github.com/Codiad/Codiad 7 https://github.com/bookstackapp/bookstack 6 https://github.com/ImpressCMS/impresscms 6 https://github.com/wintercms/winter 6 https://github.com/guzzle/guzzle 6 https://github.com/statamic/cms 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/ezsystems/ezpublish-legacy 6 https://github.com/gleez/cms 6 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/composer/composer 5 https://github.com/nukeviet/nukeviet 5 https://github.com/jbroadway/elefant 5 https://github.com/pear/Archive_Tar 5 https://github.com/contao/core 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/ibexa/core 5 https://github.com/vrana/adminer 5 https://github.com/Bottelet/DaybydayCRM 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/phpseclib/phpseclib 5 https://github.com/zendframework/zf1 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/codeigniter4/shield 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/ADOdb/ADOdb 4 https://github.com/spatie/browsershot 4 https://github.com/opencart/opencart 4 https://github.com/ezsystems/ezplatform 4 https://github.com/oroinc/platform 4 https://github.com/yourls/yourls 4 https://github.com/screetsec/VDD 4 https://github.com/kimai/kimai 4 https://github.com/crater-invoice/crater 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/fiveai/Cachet 4 https://github.com/phpservermon/phpservermon 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/brefphp/bref 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/bagisto/bagisto 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/PrestaShop/productcomments 3 https://github.com/elgg/elgg 3 https://github.com/qcubed/qcubed 3 https://github.com/quickapps/cms 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/guzzle/psr7 3 https://github.com/reportico-web/reportico 3 https://github.com/Rudloff/alltube 3 https://github.com/modxcms/revolution 3 https://github.com/dd3x3r/enhavo 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/in2code-de/femanager 3 https://github.com/pixelfed/pixelfed 3 https://github.com/twigphp/Twig 3 https://github.com/facade/ignition 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/flarum/core 3 https://github.com/notrinos/notrinoserp 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/verbb/comments 3 https://github.com/oroinc/crm 3 https://github.com/FriendsOfSymfony/FOSUserBundle 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/liufee/feehicms 3 https://github.com/idno/known 3 https://github.com/concrete5/concrete5 3 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/cecilapp/cecil 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/filegator/filegator 2 https://github.com/TYPO3/Fluid 2 https://github.com/squizlabs/PHP_CodeSniffer 2 https://github.com/CCCCCrash/POCs 2 https://github.com/ezsystems/repository-forms 2 https://github.com/amphp/http-client 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/woocommerce/woocommerce 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/laravel/socialite 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/api-platform/core 2 https://github.com/bcit-ci/CodeIgniter 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/ethercreative/logs 2 https://github.com/mustgundogdu/Research 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/munkireport/munkireport-php 2 https://github.com/apereo/phpCAS 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/livewire/livewire 2 https://github.com/onelogin/php-saml 2 https://github.com/verbb/knock-knock 2 https://github.com/icecoder/ICEcoder 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/orchidsoftware/platform 2 https://github.com/ckeditor/ckeditor4 2 https://github.com/verbb/image-resizer 2 https://github.com/fuel/core 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/paragonie/phpecc 2 https://github.com/aws/aws-sdk-php 2 https://github.com/passbolt/passbolt_api 2 https://github.com/azuracast/azuracast 2 https://github.com/joomla/joomla-cms 2