Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-83jv-4prm-34g7
  • Packagist/shopware/shopware
Shopware Remote Code Execution Vulnerability
  • 4.2.0
  • 4.2.1
  • 4.2.1.1
  • 4.2.2
  • 4.2.3
  • 4.3.0
  • 4.3.1
  • ...
2024-05-21T21:00:39Z Fix available
GHSA-7336-ghhp-f2qj
  • Packagist/shopware/shopware
Shopware Remote Code Execution Vulnerability
  • 5.2.15
  • v5.2.15
2024-05-21T20:52:57Z Fix available
GHSA-jqr7-5h7r-ch8p
  • Packagist/shopware/shopware
Shopware Non-Persistent XSS in the Frontend
  • 5.3.0
  • v5.2.0
  • v5.2.1
  • v5.2.10
  • v5.2.11
  • v5.2.12
  • v5.2.13
  • ...
2024-05-21T20:42:46Z Fix available
GHSA-q3g4-2vw9-xv27
  • Packagist/shopware/shopware
Shopware Remote Code Execution Vulnerability
  • 4.2.0
  • 4.2.0-rc.1
  • 4.2.1
  • 4.2.1.1
  • 4.2.2
  • 4.2.3
  • 4.3.0
  • ...
2024-05-21T18:50:07Z Fix available
GHSA-6wqp-7g94-f69j
  • Packagist/sensiolabs/connect
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
  • v1.0
  • v1.1
  • v1.2
  • v1.3
  • v1.4
  • v1.5
  • v1.6
  • ...
2024-05-21T18:26:46Z Fix available
GHSA-9phw-7h96-q3rv
  • Packagist/scheb/two-factor-bundle
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
  • v4.0.0
  • v4.1.0
  • v4.10.0
  • v4.2.0
  • v4.2.1
  • v4.3.0
  • v4.3.1
  • ...
2024-05-21T18:22:04Z Fix available
GHSA-h6mp-mc7g-mg49
  • Packagist/scheb/two-factor-bundle
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
  • v3.0.0
  • v3.1.0
  • v3.2.0
  • v3.3.0
  • v3.3.1
  • v3.4.0
  • v3.5.0
  • ...
2024-05-21T18:16:24Z Fix available
GHSA-v45m-hxqp-fwf5
  • Packagist/verbb/formie
verbb/formie Server-Side Template Injection for variable-enabled settings
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
  • ...
2024-05-20T20:26:28Z Fix available
GHSA-f98p-2hc5-fm7v
  • Packagist/wwbn/avideo
AVideo cross-site scripting vulnerability in the view/about.php page
  • 10.4
  • 10.8
  • 11
  • 11.1
  • 11.1.1
  • 11.5
  • 11.6
  • ...
2024-05-20T18:43:57Z Fix available
GHSA-2g98-f9jv-w8c5
  • Packagist/robrichards/xmlseclibs
robrichards/xmlseclibs XPath injection
  • 1.3.2
  • 1.3.3
  • 1.3.4
  • 1.4.0
  • 1.4.1
  • 1.4.2
  • 1.4.3
  • ...
2024-05-20T18:06:52Z Fix available
GHSA-7v7m-pcw5-h3cg
  • Packagist/pusher/pusher-php-server
Pusher Service Channel Authentication Bypass
  • 2.1.2
  • v2.1.3
  • v2.2.0
2024-05-20T17:49:10Z Fix available
GHSA-7g7c-qhf3-x59p
  • Packagist/propel/propel1
propel/propel1 SQL injection possible with limit() on MySQL
  • 1.6.2
  • 1.6.3
  • 1.6.4
  • 1.6.5
  • 1.6.6
  • 1.6.7
  • 1.6.8
  • ...
2024-05-20T17:36:28Z Fix available
GHSA-7vw7-qx38-37vr
  • Packagist/propel/propel
Propel2 SQL injection possible with limit() on MySQL
  • 2.0.0-alpha1
  • 2.0.0-alpha2
  • 2.0.0-alpha3
  • 2.0.0-alpha4
  • 2.0.0-alpha5
  • 2.0.0-alpha6
  • 2.0.0-alpha7
2024-05-20T17:34:33Z Fix available
GHSA-ww6p-q26w-fr6m
  • Packagist/phpxmlrpc/extras
phpxmlrpc/extra XSS in class documenting_xmlrpc_server
  • 0.5.1
  • 0.5.2
  • 0.6.0
2024-05-20T17:14:55Z Fix available
GHSA-qm5v-pj64-852j
  • Packagist/passbolt/passbolt_api
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
  • v1.0.10
  • v1.0.11
  • v1.0.12
  • v1.0.13
  • v1.0.14
  • v1.0.5
  • v1.0.6
  • ...
2024-05-20T17:09:57Z Fix available
GHSA-2f46-4xjm-73x5
  • Packagist/passbolt/passbolt_api
Passbolt API Stored XSS on first/last name during setup
  • v1.0.10
  • v1.0.11
  • v1.0.12
  • v1.0.13
  • v1.0.14
  • v1.0.5
  • v1.0.6
  • ...
2024-05-20T17:07:44Z Fix available