packagist
Security Advisories in packagist
High
4 days ago
formie's unauthenticated front-end submission editing can overwrite existing submissions
packagist
verbb/formie
Moderate
4 days ago
Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
packagist
admidio/admidio
Moderate
4 days ago
Admidio writes session IDs and auto-login cookie values to application logs
packagist
admidio/admidio
Moderate
4 days ago
Admidio PKCS#12 private key export action lacks CSRF protection
packagist
admidio/admidio
High
4 days ago
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
packagist
admidio/admidio
Moderate
4 days ago
Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
packagist
admidio/admidio
Moderate
4 days ago
Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
packagist
admidio/admidio
Moderate
4 days ago
Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
packagist
admidio/admidio
Moderate
4 days ago
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
packagist
admidio/admidio
Moderate
4 days ago
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
packagist
admidio/admidio
Moderate
4 days ago
Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
packagist
symfony/twilio-notifier, symfony/symfony
High
4 days ago
ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
packagist
ezsystems/ezpublish-legacy
High
4 days ago
Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path
packagist
froxlor/froxlor
High
4 days ago
Froxlor has an authorization bypass in FTP shell assignment via missing server-side `available_shells` enforcement
packagist
froxlor/froxlor
High
5 days ago
Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
packagist
pimcore/pimcore
Low
5 days ago
symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
packagist
symfony/polyfill-intl-idn, symfony/polyfill
Low
5 days ago
Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
packagist
symfony/symfony, symfony/json-path
Moderate
5 days ago
Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
packagist
symfony/symfony, symfony/mailtrap-mailer
Moderate
5 days ago
Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection
packagist
symfony/mailjet-mailer, symfony/symfony, symfony/lox24-notifier
Low
5 days ago
Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS)
packagist
symfony/symfony, symfony/html-sanitizer
Moderate
6 days ago
Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
packagist
pimcore/pimcore
Low
6 days ago
Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex
packagist
symfony/yaml, symfony/symfony
Low
6 days ago
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
packagist
symfony/yaml, symfony/symfony
Low
6 days ago
Symfony hardened the parser when handling untrusted input
packagist
symfony/yaml, symfony/symfony
High
6 days ago
Automad has Broken Access Control: Unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
packagist
automad/automad
High
6 days ago
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
packagist
symfony/symfony, symfony/monolog-bridge
Moderate
6 days ago
Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
packagist
symfony/symfony, symfony/security-http, symfony/http-kernel
Moderate
6 days ago
Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
packagist
symfony/symfony, symfony/security-http
Moderate
6 days ago
Symfony Vulnerable to SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix
packagist
symfony/symfony, symfony/cache
Low
6 days ago
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering
packagist
symfony/web-profiler-bundle, symfony/twig-bridge, symfony/symfony
Low
6 days ago
Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via validateOnParse = true
packagist
symfony/symfony, symfony/dom-crawler
Moderate
6 days ago
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
packagist
symfony/symfony, symfony/mime
Moderate
6 days ago
Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
packagist
symfony/symfony, symfony/security-http
Moderate
6 days ago
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
packagist
symfony/symfony, symfony/mailer
High
6 days ago
Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
packagist
symfony/mime
Moderate
6 days ago
Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
packagist
symfony/symfony, symfony/html-sanitizer
Moderate
6 days ago
Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing
packagist
symfony/symfony, symfony/html-sanitizer
High
6 days ago
Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend
packagist
getkirby/cms
Moderate
6 days ago
Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
packagist
getkirby/cms
High
6 days ago
Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
packagist
pimcore/pimcore
High
6 days ago
Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
packagist
pimcore/pimcore
Moderate
6 days ago
Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
packagist
symfony/symfony, symfony/routing
High
6 days ago
Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
packagist
symfony/symfony, symfony/security-http
High
7 days ago
Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Date Filter via Unsanitized Property Parameter
packagist
pimcore/admin-ui-classic-bundle
High
7 days ago
Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
packagist
pimcore/pimcore
High
7 days ago
Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup
packagist
getkirby/cms
Moderate
7 days ago
Kirby CMS's `pages.access` permission is not checked during rendering of page drafts
packagist
getkirby/cms
High
7 days ago
Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend
packagist
getkirby/cms
High
7 days ago
Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
packagist
getkirby/cms
Low
7 days ago
Pterodactyl has a database resource limit bypass via race condition in Client API
packagist
pterodactyl/panel
High
12 days ago
Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation
packagist
twig/twig
High
12 days ago
Twig: Sandbox property and method bypass via object-destructuring assignment
packagist
twig/twig
Moderate
12 days ago
Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
packagist
twig/twig
Low
12 days ago
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
packagist
twig/cssinliner-extra, twig/markdown-extra
Low
12 days ago
Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
packagist
twig/twig
Moderate
12 days ago
Twig: `template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
packagist
twig/twig
Low
12 days ago
twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments
packagist
twig/intl-extra
Low
12 days ago
Twig: The `spaceless` filter implicitly marks its output as safe
packagist
twig/twig
High
12 days ago
Snappy: Binary path is never shell-escaped due to an inverted is_executable check
packagist
KnpLabs/knp-snappy
Moderate
12 days ago
Snappy : SSRF and local file read via the xsl-style-sheet option
packagist
knplabs/knp-snappy
High
13 days ago
phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
13 days ago
phpMyFAQ: Default Empty API Token Authentication Bypass
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
High
13 days ago
phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation
packagist
phpmyfaq/phpmyfaq, thorsten/phpmyfaq
Moderate
14 days ago
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service
packagist
setasign/fpdi
Moderate
14 days ago
AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`
packagist
WWBN/AVideo
High
14 days ago
Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
packagist
composer/composer
Moderate
15 days ago
AVideo: Authenticated Arbitrary File Read in view/update.php
packagist
WWBN/AVideo
Moderate
15 days ago
Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
packagist
sulu/sulu
Critical
15 days ago
Formie: Pre-authenticated server-side template injection in Hidden fields
packagist
verbb/formie
Moderate
15 days ago
shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption
packagist
shopper/cart
High
15 days ago
shopper/framework: Authorization bypass in multiple Livewire admin components
packagist
shopper/framework
High
15 days ago
CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule
packagist
ci4-cms-erp/ci4ms
Moderate
15 days ago
CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
packagist
ci4-cms-erp/ci4ms
Moderate
15 days ago
CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
packagist
ci4-cms-erp/ci4ms
Moderate
15 days ago
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
packagist
WWBN/AVideo
Moderate
18 days ago
phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
packagist
phpMyFAQ/phpMyFAQ
Moderate
18 days ago
phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
18 days ago
phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
18 days ago
phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
High
18 days ago
phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
packagist
phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
18 days ago
phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
packagist
thorsten/phpMyFAQ, phpMyFAQ/phpMyFAQ
Moderate
18 days ago
AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf`
packagist
WWBN/AVideo
Moderate
18 days ago
AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA
packagist
WWBN/AVideo
Moderate
18 days ago
AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute
packagist
WWBN/AVideo
High
18 days ago
AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
packagist
WWBN/AVideo
Moderate
18 days ago
Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option
packagist
cockpit-hq/cockpit
High
18 days ago
SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
packagist
simplesamlphp/simplesamlphp-module-casserver
High
18 days ago
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
packagist
code16/sharp
High
18 days ago
NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side input sanitization in Request class
packagist
nukeviet/nukeviet
Moderate
18 days ago
SimpleSAMLphp casserver: Open Redirect in logout
packagist
simplesamlphp/simplesamlphp-module-casserver
Filter by Severity
Filter by Package
moodle/moodle
437
magento/community-edition
360
typo3/cms
168
wwbn/avideo
138
pimcore/pimcore
131
dolibarr/dolibarr
124
magento/project-community-edition
120
typo3/cms-core
108
phpmyadmin/phpmyadmin
107
microweber/microweber
105
thorsten/phpmyfaq
102
craftcms/cms
102
drupal/core
102
librenms/librenms
100
silverstripe/framework
90
symfony/symfony
81
concrete5/concrete5
75
drupal/drupal
71
getgrav/grav
67
shopware/platform
65
mantisbt/mantisbt
65
baserproject/basercms
56
shopware/core
55
froxlor/froxlor
51
mautic/core
50
admidio/admidio
49
snipe/snipe-it
46
nilsteampassnet/teampass
42
showdoc/showdoc
42
intelliants/subrion
41
getkirby/cms
40
phpmyfaq/phpmyfaq
38
ci4-cms-erp/ci4ms
36
shopware/shopware
33
statamic/cms
32
contao/core-bundle
31
zendframework/zendframework1
31
prestashop/prestashop
31
pocketmine/pocketmine-mp
30
mediawiki/core
28
phpoffice/phpspreadsheet
27
centreon/centreon
27
funadmin/funadmin
26
openmage/magento-lts
26
cockpit-hq/cockpit
26
magento/core
24
grumpydictator/firefly-iii
24
laravel/framework
23
remdex/livehelperchat
23
october/system
22
zendframework/zendframework
22
tribalsystems/zenario
22
simplesamlphp/simplesamlphp
22
feehi/cms
21
typo3/cms-backend
21
facturascripts/facturascripts
20
bagisto/bagisto
20
kimai/kimai
19
topthink/framework
19
contao/contao
19
sylius/sylius
19
craftcms/commerce
19
genix/cms
18
cakephp/cakephp
18
yeswiki/yeswiki
18
forkcms/forkcms
18
opencart/opencart
17
devcode-it/openstamanager
17
yetiforce/yetiforce-crm
17
francoisjacquet/rosariosis
17
pimcore/admin-ui-classic-bundle
17
pterodactyl/panel
16
phpbb/phpbb
16
ec-cube/ec-cube
16
twig/twig
16
studio-42/elfinder
15
symfony/security-http
15
silverstripe/cms
15
smarty/smarty
15
ezsystems/ezpublish-kernel
15
bolt/bolt
15
modx/revolution
14
dompdf/dompdf
14
codeigniter4/framework
14
phpmailer/phpmailer
14
feehi/feehicms
14
alextselegidis/easyappointments
14
sulu/sulu
14
lavalite/cms
14
impresscms/impresscms
13
pagekit/pagekit
13
redaxo/source
13
elefant/cms
13
symfony/security
13
october/october
12
wallabag/wallabag
12
nukeviet/nukeviet
12
composer/composer
12
yiisoft/yii2
12
leantime/leantime
12
WWBN/AVideo
11
ezsystems/ezpublish-legacy
11
tinymce
11
symfony/http-foundation
11
TinyMCE
11
tinymce/tinymce
11
ezsystems/ezplatform-admin-ui
10
ezsystems/ezplatform-kernel
10
croogo/croogo
10
billz/raspap-webgui
10
spatie/browsershot
10
roundcube/roundcubemail
10
ssddanbrown/bookstack
10
kevinpapst/kimai2
9
krayin/laravel-crm
9
concrete5/core
9
azuracast/azuracast
9
in2code/powermail
9
phpseclib/phpseclib
9
in2code/femanager
9
opensource-workshop/connect-cms
9
pimcore/customer-management-framework-bundle
9
contao/core
9
starcitizentools/citizen-skin
9
flarum/core
9
codiad/codiad
8
silverstripe/admin
8
vrana/adminer
8
gilacms/gila
8
directmailteam/direct-mail
8
joomla/joomla-cms
8
silverstripe/graphql
8
october/cms
8
symfony/http-kernel
8
backdrop/backdrop
8
tecnickcom/tcpdf
8
unopim/unopim
7
yiisoft/yii2-dev
7
shopxo/shopxo
7
october/backend
7
getformwork/formwork
7
passbolt/passbolt_api
7
simplesamlphp/saml2
7
wpglobus/wpglobus
7
yourls/yourls
7
idno/known
7
october/rain
6
typo3/cms-install
6
guzzlehttp/guzzle
6
api-platform/core
6
icecoder/icecoder
6
limesurvey/limesurvey
6
zoujingli/thinkadmin
6
oro/platform
6
phpMyFAQ/phpMyFAQ
6
league/commonmark
6
processwire/processwire
6
privatebin/privatebin
6
gleez/cms
6
nystudio107/craft-seomatic
6
auth0/wordpress
6
ibexa/admin-ui
6
adodb/adodb-php
6
pear/archive_tar
6
dweeves/magmi
6
elgg/elgg
5
anchorcms/anchor-cms
5
mautic/core-lib
5
phpservermon/phpservermon
5
shopware/storefront
5
flightphp/core
5
ibexa/core
5
auth0/auth0-php
5
typo3/flow
5
automad/automad
5
juzaweb/cms
5
auth0/symfony
5
woocommerce/woocommerce
5
symfony/yaml
5
solspace/craft-freeform
5
bottelet/flarepoint
5
phpxmlrpc/phpxmlrpc
5
neos/neos
5
symfony/security-core
5
code16/sharp
5
gugoan/economizzer
5
verbb/formie
5
mineadmin/mineadmin
5
auth0/login
5
thinkcmf/thinkcmf
5
illuminate/database
5
cachethq/cachet
5
phppgadmin/phppgadmin
5
neos/flow
5
tcg/voyager
5
drupal/core-recommended
5
silverstripe/assets
5
codeigniter/framework
4
wp-premium/gravityforms
4
moonshine/moonshine
4
Filter by Repository
https://github.com/moodle/moodle
250
https://github.com/pimcore/pimcore
116
https://github.com/TYPO3/typo3
93
https://github.com/microweber/microweber
90
https://github.com/librenms/librenms
77
https://github.com/thorsten/phpmyfaq
69
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/shopware/platform
42
https://github.com/mantisbt/mantisbt
42
https://github.com/craftcms/cms
41
https://github.com/shopware/shopware
40
https://github.com/star7th/showdoc
39
https://github.com/magento/magento2
38
https://github.com/octobercms/october
36
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/baserproject/basercms
26
https://github.com/froxlor/froxlor
26
https://github.com/pmmp/PocketMine-MP
25
https://github.com/getgrav/grav
24
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/getkirby/kirby
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/laravel/framework
21
https://github.com/funadmin/funadmin
20
https://github.com/intelliants/subrion
19
https://github.com/TYPO3-CMS/core
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/OpenMage/magento-lts
18
https://github.com/liufee/cms
17
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/forkcms/forkcms
16
https://github.com/centreon/centreon
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/zendframework/zendframework
15
https://github.com/drupal/core
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/dompdf/dompdf
15
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/centreon/centreon-archived
12
https://github.com/modxcms/revolution
12
https://github.com/smarty-php/smarty
12
https://sourceforge.net/projects/phpmyadmin.sourceforge.net
12
https://github.com/codeigniter4/CodeIgniter4
12
https://github.com/YesWiki/yeswiki
12
https://github.com/yiisoft/yii2
12
https://github.com/top-think/framework
11
https://github.com/Studio-42/elFinder
11
https://github.com/Leantime/leantime
11
https://github.com/cakephp/cakephp
11
https://github.com/sulu/sulu
11
https://github.com/Sylius/Sylius
11
https://github.com/WWBN/AVideo
11
https://github.com/dolibarr/dolibarr
11
https://github.com/tinymce/tinymce
11
https://github.com/bolt/bolt
10
https://github.com/wallabag/wallabag
10
https://github.com/semplon/GeniXCMS
10
https://github.com/opencart/opencart
10
https://github.com/StarCitizenTools/mediawiki-skins-Citizen
9
https://github.com/kevinpapst/kimai2
9
https://github.com/spatie/browsershot
9
https://github.com/pterodactyl/panel
9
https://github.com/statamic/cms
9
https://github.com/neorazorx/facturascripts
9
https://github.com/bagisto/bagisto
9
https://github.com/alextselegidis/easyappointments
9
https://github.com/ezsystems/ezpublish-kernel
9
https://github.com/LavaLite/cms
9
https://github.com/tecnickcom/TCPDF
8
https://github.com/flarum/framework
8
https://github.com/croogo/croogo
8
https://github.com/RaspAP/raspap-webgui
8
https://github.com/GilaCMS/gila
8
https://github.com/admidio/admidio
8
https://github.com/ezsystems/ezplatform-admin-ui
8
https://github.com/TribalSystems/Zenario
8
https://github.com/pimcore/customer-data-framework
8
https://github.com/twigphp/Twig
8
https://github.com/Froxlor/Froxlor
8
https://github.com/francoisjacquet/rosariosis
8
https://github.com/pagekit/pagekit
7
https://github.com/wintercms/winter
7
https://github.com/unopim/unopim
7
https://github.com/composer/composer
7
https://github.com/d4wner/Vulnerabilities-Report
7
https://github.com/ezsystems/ezplatform-kernel
7
https://github.com/Codiad/Codiad
7
https://github.com/passbolt/passbolt_api
7
https://github.com/vrana/adminer
6
https://github.com/gleez/cms
6
https://github.com/nystudio107/craft-seomatic
6
https://github.com/auth0/auth0-PHP
6
https://github.com/LimeSurvey/LimeSurvey
6
https://github.com/silverstripe/silverstripe-graphql
6
https://github.com/bookstackapp/bookstack
6
https://github.com/guzzle/guzzle
6
https://github.com/ezsystems/ezpublish-legacy
6
https://github.com/api-platform/core
6
https://gitlab.com/francoisjacquet/rosariosis
6
https://github.com/ADOdb/ADOdb
6
https://github.com/oroinc/orocommerce
6
https://github.com/ImpressCMS/impresscms
6
https://github.com/Admidio/admidio
6
https://github.com/Bottelet/DaybydayCRM
5
https://github.com/shopware5/shopware
5
https://github.com/zendframework/zf1
5
https://github.com/contao/core
5
https://github.com/getformwork/formwork
5
https://github.com/nukeviet/nukeviet
5
https://github.com/pear/Archive_Tar
5
https://github.com/jbroadway/elefant
5
https://github.com/thinkcmf/thinkcmf
5
https://github.com/in2code-de/femanager
5
https://github.com/ibexa/admin-ui
5
https://github.com/ibexa/core
5
https://github.com/gggeek/phpxmlrpc
5
https://github.com/dub-flow/vulnerability-research
5
https://github.com/backdrop/backdrop
5
https://github.com/oroinc/platform
5
https://github.com/ezsystems/ezplatform-richtext
4
https://github.com/GiacoLenzo2109/MoonShine_Software_PoCs
4
https://github.com/kimai/kimai
4
https://github.com/silverstripe/silverstripe-admin
4
https://github.com/in2code-de/powermail
4
https://github.com/zoujingli/ThinkAdmin
4
https://github.com/ezsystems/ezplatform
4
https://github.com/froxlor/Froxlor
4
https://github.com/brefphp/bref
4
https://github.com/appwrite/appwrite
4
https://github.com/reportico-web/reportico
4
https://github.com/phpservermon/phpservermon
4
https://github.com/pixelfed/pixelfed
4
https://github.com/livewire/livewire
4
https://github.com/fiveai/Cachet
4
https://github.com/codeigniter4/shield
4
https://github.com/Sylius/SyliusResourceBundle
4
https://github.com/yourls/yourls
4
https://github.com/darylldoyle/svg-sanitizer
4
https://github.com/progprnv/CVE-Reports
4
https://github.com/PrivateBin/PrivateBin
4
https://github.com/hieuminhnv/Zenario-CMS-last-version
4
https://github.com/crater-invoice/crater
4
https://github.com/oroinc/crm
4
https://github.com/TYPO3/html-sanitizer
4
https://github.com/BookStackApp/BookStack
4
https://github.com/Cockpit-HQ/Cockpit
4
https://github.com/haxtheweb/issues
4
https://github.com/dd3x3r/enhavo
3
https://github.com/Athlon1600/php-proxy-app
3
https://github.com/phpbb/phpbb
3
https://github.com/belong2yourself/vulnerabilities
3
https://github.com/Rudloff/alltube
3
https://github.com/yiisoft/yii
3
https://github.com/uasoft-indonesia/badaso
3
https://github.com/qcubed/qcubed
3
https://github.com/grokability/snipe-it
3
https://github.com/woocommerce/woocommerce
3
https://github.com/github/advisory-database
3
https://github.com/elgg/elgg
3
https://github.com/simplesamlphp/saml2
3
https://github.com/orchidsoftware/platform
3
https://github.com/flarum/core
3
https://github.com/verbb/formie
3
https://github.com/artesaos/seotools
3
https://github.com/PrestaShop/productcomments
3
https://github.com/thephpleague/commonmark
3
https://github.com/PrestaShopCorp/ps_checkout
3
https://github.com/thedevdojo/voyager
3
https://github.com/torrentpier/torrentpier
3
https://github.com/aimeos/ai-admin-graphql
3
https://github.com/TYPO3-Solr/ext-solr
3
https://github.com/uvdesk/community-skeleton
3
https://github.com/ezsystems/ezplatform-http-cache
3
https://github.com/phpbb/phpbb-app
3
https://github.com/guzzle/psr7
3
https://github.com/auth0/wordpress
3
https://github.com/liufee/feehicms
3
https://github.com/verbb/comments
3
https://github.com/wikimedia/mediawiki
3
https://github.com/idno/known
3
https://github.com/alexbsec/CVEs
3
https://github.com/notrinos/notrinoserp
3
https://github.com/concrete5/concrete5
3
https://github.com/phpseclib/phpseclib
3
https://github.com/FriendsOfSymfony/FOSUserBundle
3
https://github.com/joomla/joomla-cms
3
https://github.com/facade/ignition
3