Security Advisories for mautic/core
Moderate
28 days ago
Mautic Vulnerable to User Enumeration via Response Timing
packagist
mautic/core
Moderate
28 days ago
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
packagist
mautic/core
Moderate
4 months ago
Mautic has an Open Redirect vulnerability on user unlock path.
packagist
mautic/core
Moderate
4 months ago
Mautic segment cloning doesn't have a proper permission check
packagist
mautic/core
Moderate
4 months ago
Mautic allows user name enumeration due to response time difference on password reset form
packagist
mautic/core
Moderate
4 months ago
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
packagist
mautic/core
Moderate
7 months ago
Mautic allows Relative Path Traversal in assets file upload
packagist
mautic/core
Critical
7 months ago
Mautic allows Remote Code Execution and File Deletion in Asset Uploads
packagist
mautic/core
Moderate
about 1 year ago
Mautic allows users enumeration due to weak password login
packagist
mautic/core
Moderate
about 1 year ago
Mautic has insufficient authentication in upgrade flow
packagist
mautic/core-lib, mautic/core
Moderate
about 1 year ago
Mautic has an XSS in contact tracking and page hits report
packagist
mautic/core, mautic/core-lib
Moderate
about 1 year ago
Mautic vulnerable to XSS in contact/company tracking (no authentication)
packagist
mautic/core-lib, mautic/core
Moderate
about 1 year ago
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
packagist
mautic/core-lib, mautic/core
Moderate
over 1 year ago
Mautic: MST-48 Server-Side Request Forgery in Asset section
packagist
mautic/core
High
over 1 year ago
Mautic Sensitive Data Exposure due to inadequate user permission settings
packagist
mautic/core
High
over 1 year ago
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
packagist
mautic/core
Moderate
over 1 year ago
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
packagist
mautic/core
High
over 1 year ago
Mautic vulnerable to stored cross-site scripting in description field
packagist
mautic/core
Critical
over 3 years ago
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
packagist
mautic/core
Moderate
over 4 years ago
Mautic vulnerable to secret data exfiltration via symfony parameters
packagist
mautic/core
Moderate
over 4 years ago
CSV Injection vulnerability with exported contact lists in Mautic
packagist
mautic/core
High
over 4 years ago
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
packagist
mautic/core
High
over 4 years ago
Disabled users able to log in with third party SSO plugin
packagist
mautic/core
Moderate
over 4 years ago
Mautic users able to download any files from server using filemanager
packagist
mautic/core
Critical
over 4 years ago
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
packagist
mautic/core