Vulnerability Database
Vulnerability Library
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-296q-rj83-g9rq | Packagist/oveleon/contao-cookiebar | Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar | 13 hours ago | Fix available; Severity - 5.1 (Medium) |
| GHSA-wmx7-pw49-88jx | Packagist/craftcms/cms | Craft CMS Allows TOTP Token To Stay Valid After Use | yesterday | Fix available; Severity - 6.0 (Medium) |
| GHSA-vprp-94p9-5jp8 | Packagist/dolibarr/dolibarr | Dolibarr ERP CRM vulnerable to remote code execution (RCE) | 2 days ago | No fix available |
| GHSA-3wmx-48g3-x66g | Packagist/backdrop/backdrop | Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places | 4 days ago | Fix available; Severity - 4.6 (Medium) |
| GHSA-47mc-qmh2-mqj4 | Packagist/automad/automad | Automad arbitrary file upload vulnerability | 19 Jul | No fix available; Severity - 8.7 (High) |
| GHSA-r9vw-cjf9-xh4x | Packagist/processwire/processwire | ProcessWire Cross Site Request Forgery vulnerability | 19 Jul | No fix available; Severity - 2.1 (Low) |
| GHSA-xrh7-2gfq-4rcq | Packagist/opencart/opencart | openCart Server-Side Template Injection (SSTI) vulnerability | 17 Jul | No fix available; Severity - 5.5 (Medium) |
| GHSA-52cw-pvq9-9m5v | Packagist/silverstripe/framework | Silverstripe uses TinyMCE which allows svg files linked in object tags | 17 Jul | Fix available; Severity - 5.3 (Medium) |
| GHSA-55rf-8q29-4g43 | Packagist/sylius/sylius | Sylius has a security vulnerability via adjustments API endpoint | 17 Jul | Fix available; Severity - 8.7 (High) |
| GHSA-chx7-9x8h-r5mg | Packagist/silverstripe/framework | Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload | 17 Jul | Fix available; Severity - 5.3 (Medium) |
| GHSA-89q6-98xx-4ffw | Packagist/silverstripe/reports | Silverstripe Reports are still accessible even when `canView()` returns false | 17 Jul | Fix available; Severity - 5.3 (Medium) |
| GHSA-fg86-4c2r-7wxw | Packagist/torrentpier/torrentpier | TorrentPier Deserialization of Untrusted Data vulnerability | 15 Jul | No fix available; Severity - 9.3 (Critical) |
| GHSA-875x-g8p7-5w27 | Packagist/web-auth/webauthn-lib, Packagist/web-auth/webauthn-framework | The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames | 15 Jul | Fix available; Severity - 6.9 (Medium) |
| GHSA-x6p7-44rh-m3rr | Packagist/auth0/wordpress | Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting | 11 Jul | Fix available; Severity - 5.1 (Medium) |
| GHSA-mqqj-fx8h-437j | Packagist/privatebin/privatebin | PrivateBin allows shortening of URLs for other domains | 10 Jul | Fix available; Severity - 6.9 (Medium) |
| GHSA-pj36-fcrg-327j | Packagist/ssddanbrown/bookstack | BookStack Incorrect Access Control vulnerability | 10 Jul | Fix available; Severity - 8.8 (High) |
Packagist - OSV