Vulnerability Library
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-7prj-9ccr-hr3q | Packagist/sylius/sylius | Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book | v1.12.0, v1.12.0-alpha.1, v1.12.0-alpha.2, v1.12.0-beta.1, v1.12.0-rc.1, v1.12.1, v1.12.10, ... | 2024-05-10T15:33:22Z | Fix available |
| GHSA-v2f9-rv6w-vw8r | Packagist/sylius/sylius | Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel | v1.12.0, v1.12.0-alpha.1, v1.12.0-alpha.2, v1.12.0-beta.1, v1.12.0-rc.1, v1.12.1, v1.12.10, ... | 2024-05-10T15:33:01Z | Fix available |
| GHSA-x525-54hf-xr53 | Packagist/froxlor/froxlor | Blind XSS Leading to Froxlor Application Compromise | 0.10.0, 0.10.0-rc1, 0.10.0-rc2, 0.10.1, 0.10.10, 0.10.11, 0.10.12, ... | 2024-05-10T15:29:59Z | Fix available |
| GHSA-6f3v-2r2j-2rpr | Packagist/kimai/kimai | Kimai information disclosure vulnerability | 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, ... | 2024-05-07T18:30:33Z | Fix available |
| GHSA-6pjm-hmvf-h4rr | Packagist/spatie/image-optimizer | image-optimizer allows PHAR deserialization | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 1.0.0, 1.0.1, 1.0.10, ... | 2024-05-05T21:30:31Z | Fix available |
| GHSA-969f-v7jv-pgj3 | Packagist/topthink/framework | ThinkPHP allows remote attackers to discover the PHPSESSION cookie | v8.0.0, v8.0.1, v8.0.2, v8.0.3, v6.1.0, v6.1.1, v6.1.2, ... | 2024-05-04T21:30:33Z | Fix available |
| GHSA-7qwj-gcjf-828f | Packagist/tribalsystems/zenario | Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting | 7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, ... | 2024-05-04T06:30:31Z | Fix available |
| GHSA-hr2r-w6wc-25pv | Packagist/tribalsystems/zenario | Zenario uses Twig filters insecurely in the Twig Snippet plugin | 7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, ... | 2024-05-04T06:30:31Z | Fix available |
| GHSA-384w-wffr-x63q | Packagist/pterodactyl/panel | Pterodactyl panel's admin area vulnerable to Cross-site Scripting | v0.1.0-beta, v0.1.1-beta, v0.1.2-beta, v0.2.0-beta, v0.3.0-beta, v0.4.0-beta, v0.4.1-beta, ... | 2024-05-03T20:29:04Z | Fix available |
| GHSA-3494-cfwf-56hw | Packagist/paragonie/ecc, Packagist/mdanter/ecc | mdanter/ecc affected by timing vulnerability in cryptographic side-channels | v2.0.0, 0.2.0, v0.3.0, v0.3.1, v0.3.2, v0.4.0, v0.4.1, ... | 2024-04-28T00:30:22Z | Fix available |
| GHSA-5hcr-g32p-h74c | | Lavalite CMS Cross Site Scripting vulnerability | 10.1.0 | 2024-04-27T00:30:37Z | No fix available |
| GHSA-2pg6-vw9c-qhjv | Packagist/passbolt/passbolt_api | Passbolt API allows HTML injection | v1.0.10, v1.0.11, v1.0.12, v1.0.13, v1.0.14, v1.0.5, v1.0.6, ... | 2024-04-26T03:30:29Z | Fix available |
| GHSA-346h-749j-r28w | Packagist/mdanter/ecc | PHPECC vulnerable to multiple cryptographic side-channel attacks | 0.2.0, v0.3.0, v0.3.1, v0.3.2, v0.4.0, v0.4.1, v0.4.2, ... | 2024-04-25T18:31:58Z | No fix available |
| GHSA-vjwg-28gv-pm8h | Packagist/pimcore/pimcore | Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881 | v11.2.0, v11.2.1, v11.2.2, v11.0.0, v11.0.0-ALPHA1, v11.0.0-ALPHA2, v11.0.0-ALPHA3, ... | 2024-04-24T17:02:33Z | Fix available |
| GHSA-qh9w-r7g5-q939 | Packagist/zendframework/zendframework1, Packagist/zendframework/zend-db, Packagist/zendframework/zendframework | Zend Framework SQL injection vulnerability | 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, ... | 2024-04-23T22:39:03Z | Fix available |
| GHSA-297x-j9pm-xjgg | Packagist/drupal/core, Packagist/drupal/drupal | Drupal Core Remote Code Execution Vulnerability | 8.0.0, 8.0.0-beta10, 8.0.0-beta11, 8.0.0-beta12, 8.0.0-beta13, 8.0.0-beta14, 8.0.0-beta15, ... | 2024-04-23T22:36:09Z | Fix available |
Packagist - OSV