OSV - Open Source Vulnerabilities

GHSA-7prj-9ccr-hr3q

Packagist/sylius/sylius

Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book

v1.12.0
v1.12.0-alpha.1
v1.12.0-alpha.2
v1.12.0-beta.1
v1.12.0-rc.1
v1.12.1
v1.12.10
...

2024-05-10T15:33:22Z

Fix available

GHSA-v2f9-rv6w-vw8r

Packagist/sylius/sylius

Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel

v1.12.0
v1.12.0-alpha.1
v1.12.0-alpha.2
v1.12.0-beta.1
v1.12.0-rc.1
v1.12.1
v1.12.10
...

2024-05-10T15:33:01Z

Fix available

GHSA-x525-54hf-xr53

Packagist/froxlor/froxlor

Blind XSS Leading to Froxlor Application Compromise

0.10.0
0.10.0-rc1
0.10.0-rc2
0.10.1
0.10.10
0.10.11
0.10.12
...

2024-05-10T15:29:59Z

Fix available

GHSA-6f3v-2r2j-2rpr

Packagist/kimai/kimai

Kimai information disclosure vulnerability

0.1
0.2
0.3
0.4
0.5
0.6
0.6.1
...

2024-05-07T18:30:33Z

Fix available

GHSA-6pjm-hmvf-h4rr

Packagist/spatie/image-optimizer

image-optimizer allows PHAR deserialization

0.0.1
0.0.2
0.0.3
0.0.4
1.0.0
1.0.1
1.0.10
...

2024-05-05T21:30:31Z

Fix available

GHSA-969f-v7jv-pgj3

Packagist/topthink/framework

ThinkPHP allows remote attackers to discover the PHPSESSION cookie

v8.0.0
v8.0.1
v8.0.2
v8.0.3
v6.1.0
v6.1.1
v6.1.2
...

2024-05-04T21:30:33Z

Fix available

GHSA-7qwj-gcjf-828f

Packagist/tribalsystems/zenario

Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting

7.5.40440
7.5.41006
7.5.41499
7.5.41633
7.5.42085
7.5.42990
7.5.47180
...

2024-05-04T06:30:31Z

Fix available

GHSA-hr2r-w6wc-25pv

Packagist/tribalsystems/zenario

Zenario uses Twig filters insecurely in the Twig Snippet plugin

7.5.40440
7.5.41006
7.5.41499
7.5.41633
7.5.42085
7.5.42990
7.5.47180
...

2024-05-04T06:30:31Z

Fix available

GHSA-384w-wffr-x63q

Packagist/pterodactyl/panel

Pterodactyl panel's admin area vulnerable to Cross-site Scripting

v0.1.0-beta
v0.1.1-beta
v0.1.2-beta
v0.2.0-beta
v0.3.0-beta
v0.4.0-beta
v0.4.1-beta
...

2024-05-03T20:29:04Z

Fix available

GHSA-3494-cfwf-56hw

Packagist/paragonie/ecc
Packagist/mdanter/ecc

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

v2.0.0
0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
...

2024-04-28T00:30:22Z

Fix available

GHSA-5hcr-g32p-h74c

Lavalite CMS Cross Site Scripting vulnerability

10.1.0

2024-04-27T00:30:37Z

No fix available

GHSA-2pg6-vw9c-qhjv

Packagist/passbolt/passbolt_api

Passbolt API allows HTML injection

v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.5
v1.0.6
...

2024-04-26T03:30:29Z

Fix available

GHSA-346h-749j-r28w

Packagist/mdanter/ecc

PHPECC vulnerable to multiple cryptographic side-channel attacks

0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
v0.4.2
...

2024-04-25T18:31:58Z

No fix available

GHSA-vjwg-28gv-pm8h

Packagist/pimcore/pimcore

Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881

v11.2.0
v11.2.1
v11.2.2
v11.0.0
v11.0.0-ALPHA1
v11.0.0-ALPHA2
v11.0.0-ALPHA3
...

2024-04-24T17:02:33Z

Fix available

GHSA-qh9w-r7g5-q939

Packagist/zendframework/zendframework1
Packagist/zendframework/zend-db
Packagist/zendframework/zendframework

Zend Framework SQL injection vulnerability

1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
...

2024-04-23T22:39:03Z

Fix available

GHSA-297x-j9pm-xjgg

Packagist/drupal/core
Packagist/drupal/drupal

Drupal Core Remote Code Execution Vulnerability

8.0.0
8.0.0-beta10
8.0.0-beta11
8.0.0-beta12
8.0.0-beta13
8.0.0-beta14
8.0.0-beta15
...

2024-04-23T22:36:09Z

Fix available

Vulnerability Library