Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-cv23-q6gh-xfrf | Packagist/woocommerce/woocommerce | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms | See details. | 2024-06-12T19:40:16Z | Fix available |
| GHSA-47f6-5gq3-vx9c | Packagist/composer/composer | Composer has a command injection via malicious git branch name | 2.0.0, 2.0.0-RC1, 2.0.0-RC2, 2.0.0-alpha1, 2.0.0-alpha2, 2.0.0-alpha3, 2.0.1, ... | 2024-06-10T21:36:32Z | Fix available |
| GHSA-v9qv-c7wm-wgmf | Packagist/composer/composer | Composer has multiple command injections via malicious git/hg branch names | 2.0.0, 2.0.0-RC1, 2.0.0-RC2, 2.0.0-alpha1, 2.0.0-alpha2, 2.0.0-alpha3, 2.0.1, ... | 2024-06-10T21:36:25Z | Fix available |
| GHSA-rcm4-jv5g-wccm | Packagist/zfr/zfr-oauth2-server-module | zfr authentication adapter did not verify validity of tokens | 0.1.0, 0.1.1 | 2024-06-07T22:30:03Z | Fix available |
| GHSA-3x57-m5p4-rgh4 | Packagist/zendframework/zendopenid | ZendOpenID potential security issue in login mechanism | 2.0.0, 2.0.1 | 2024-06-07T22:28:46Z | Fix available |
| GHSA-6fqw-j3vm-7f66 | Packagist/zendframework/zendframework1 | Zendframework1 Potential SQL injection in ORDER and GROUP functions | 1.12.0, 1.12.1, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, ... | 2024-06-07T22:27:32Z | Fix available |
| GHSA-848f-mph5-9pm9 | Packagist/zendframework/zendframework1 | Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability | 1.12.0, 1.12.1, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, ... | 2024-06-07T22:27:02Z | Fix available |
| GHSA-8xhv-gqm4-3w99 | Packagist/zendframework/zendframework1 | ZendFramework1 Potential Insufficient Entropy Vulnerability | 1.12.0, 1.12.1, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, ... | 2024-06-07T22:26:25Z | Fix available |
| GHSA-v42g-7q2x-cw32 | Packagist/zendframework/zendframework1 | Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) | 1.12.0, 1.12.1, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, ... | 2024-06-07T22:25:43Z | Fix available |
| GHSA-mg4x-prh7-g4mx | Packagist/zendframework/zend-captcha | Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability | 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, ... | 2024-06-07T22:25:12Z | Fix available |
| GHSA-2x36-qhx3-7m5f | Packagist/zendframework/zendframework1 | ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select | 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6 | 2024-06-07T22:24:52Z | Fix available |
| GHSA-9v78-h226-2rmq | Packagist/zendframework/zendframework1 | Zendframework potential security issue in login mechanism | 1.12.0, 1.12.1, 1.12.2, 1.12.3 | 2024-06-07T22:24:08Z | Fix available |
| GHSA-x86x-qhf8-f37w | Packagist/willdurand/js-translation-bundle | willdurand/js-translation-bundle potential path traversal attack and remote code injection | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.1.1, ... | 2024-06-07T22:20:27Z | Fix available |
| GHSA-97h7-mf38-g9mf | Packagist/vrana/adminer | Adminer file disclosure vulnerability | v4.3.1, v4.4.0, v4.5.0, v4.6.0, v4.6.1, v4.6.2 | 2024-06-07T22:19:44Z | Fix available |
| GHSA-78hm-5hjw-58mh | Packagist/ua-parser/uap-php | ua-parser/uap-php ReDoS vulnerability | v3.4.0, v3.4.1, v3.4.2, v3.4.3, v3.4.4, v3.4.5, v3.4.6, ... | 2024-06-07T22:14:49Z | Fix available |
| GHSA-qg7m-mwxm-j3h7 | Packagist/zendframework/zend-developer-tools | Zend-developer-tools information disclosure vulnerability | 1.2.2 | 2024-06-07T22:10:19Z | Fix available |