Security Advisories for org.xwiki.platform:xwiki-platform-oldcore
High
5 days ago
XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API
maven
org.xwiki.platform:xwiki-platform-oldcore
High
about 2 months ago
XWiki allows remote code execution through preview of XClass changes in AWM editor
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
about 2 months ago
XWiki allows SQL injection in query endpoint of REST API with Oracle
maven
org.xwiki.platform:xwiki-platform-oldcore
High
3 months ago
org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
11 months ago
XWiki Platform allows XSS through XClass name in string properties
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
12 months ago
XWiki Platform vulnerable to document deletion and overwrite from edit
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
about 1 year ago
XWiki Platform allows remote code execution from user account
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 1 year ago
XWiki Platform remote code execution from account via custom skins support
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 1 year ago
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 1 year ago
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
maven
org.xwiki.platform:xwiki-platform-oldcore
High
over 1 year ago
XWiki has no right protection on rollback action
maven
org.xwiki.platform:xwiki-platform, org.xwiki.platform:xwiki-platform-oldcore
High
over 1 year ago
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 1 year ago
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
almost 2 years ago
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
almost 2 years ago
Velocity execution without script right through VelocityCode and VelocityWiki property
maven
org.xwiki.platform:xwiki-platform-oldcore
High
almost 2 years ago
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
about 2 years ago
Upgrading doesn't prevent exploiting vulnerable XWiki documents
maven
org.xwiki.platform:xwiki-platform-oldcore
High
about 2 years ago
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
about 2 years ago
org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 2 years ago
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
maven
org.xwiki.platform:xwiki-platform-rendering-async-macro, org.xwiki.platform:xwiki-platform-oldcore
Critical
over 2 years ago
XWiki Platform vulnerable to code injection in display method used in user profiles
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 2 years ago
org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 2 years ago
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
maven
org.xwiki.platform:xwiki-platform-oldcore
High
over 2 years ago
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 2 years ago
XWiki Platform subject to Uncontrolled Resource Consumption
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 2 years ago
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
maven
org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-oldcore
High
over 2 years ago
Creation of new database tables through login form on PostgreSQL
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 2 years ago
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
maven
org.xwiki.platform:xwiki-platform-oldcore
High
almost 3 years ago
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
maven
org.xwiki.platform:xwiki-platform-oldcore
High
almost 3 years ago
XWiki Platform Improper Authorization check for inactive users
maven
org.xwiki.platform:xwiki-platform-oldcore
High
almost 3 years ago
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
maven
org.xwiki.platform:xwiki-platform-oldcore
Low
about 3 years ago
Path Traversal in XWiki Platform
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
about 3 years ago
XWiki Remote Code Execution
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 3 years ago
Cross-site Scripting by SVG upload in xwiki-platform
maven
org.xwiki.platform:xwiki-platform-tool-configuration-resources, org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 3 years ago
Missing authorization in xwiki-platform
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 3 years ago
URL Redirection to Untrusted Site ('Open Redirect')
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 3 years ago
Missing authorization in xwiki-platform
maven
org.xwiki.platform:xwiki-platform-oldcore
Moderate
over 3 years ago
Partial authorization bypass on document save in xwiki-platform
maven
org.xwiki.platform:xwiki-platform-oldcore
Critical
over 4 years ago
XSS Cross Site Scripting
maven
org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-oldcore
Low
almost 5 years ago
Users with SCRIPT right can execute arbitrary code in XWiki
maven
org.xwiki.platform:xwiki-platform-oldcore