Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-g59r-24g3-h7cm
  • Packagist/statamic/cms
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation 2 days ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-h72q-cq3w-h3wc
  • Packagist/drupal/civictheme
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS) 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-jqmq-fpwv-p925
  • Packagist/drupal/simple_oauth
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-x957-32v9-m7vg
  • Packagist/drupal/acquia_dam
Drupal Acquia DAM allows Forceful Browsing 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-27fv-rpgj-4c6m
  • Packagist/drupal/currency
Drupal Currency allows Cross Site Request Forgery 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-27mc-9399-r9mx
  • Packagist/drupal/access_code
Drupal Access code allows Brute Force Attempts 2 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-fg8x-q69g-4qp3
  • Packagist/drupal/reverse_proxy_header
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-jxp8-4jw5-5xjc
  • Packagist/drupal/umami_analytics
Drupal Umami Analytics allows Cross-Site Scripting (XSS) 2 days ago
  • Fix available
  • Severity - 3.8 (Low)
GHSA-m3f2-xjgc-2wp2
  • Packagist/drupal/json_field
Drupal JSON Field is vulnerable to XSS 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-pr6m-qwrr-mrw9
  • Packagist/drupal/plausible_tracking
Drupal Plausible tracking is vulnerable to XSS 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-qxr9-f877-9842
  • Packagist/drupal/civictheme
Drupal CivicTheme Design System allows Forceful Browsing 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-9f58-4465-23c7
  • Packagist/code16/sharp
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax 3 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-867c-p784-5q6g
  • Packagist/privatebin/privatebin
PrivateBin is missing HTML sanitization of attached filename in file size hint 4 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-25wf-7x6c-wmpf
  • Packagist/moodle/moodle
Moodle does not properly enforce MFA 23 Oct
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-422v-w6c5-vq42
  • Packagist/moodle/moodle
Moodle exposed the names of hidden groups to users 23 Oct
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-c5cj-xp43-qcc3
  • Packagist/moodle/moodle
Moodle's error handling leads to sensitive information disclosure 23 Oct
  • Fix available
  • Severity - 5.3 (Medium)