Vulnerability Library

Columns: ID, Packages, Summary, Affected versions, Last modified, Fix
GHSA-3gv2-29qc-v67m
  • Packagist/symfony/security-bundle
  • Packagist/symfony/symfony
Symfony vulnerable to Session Fixation of CSRF tokens
  • 2.0.7
  • v2.0.10
  • v2.0.12
  • v2.0.13
  • v2.0.14
  • v2.0.15
  • v2.0.16
  • ...
2023-02-04T00:50:54.238658Z Fix available
GHSA-h7vf-5wrv-9fhv
  • Packagist/symfony/http-kernel
  • Packagist/symfony/symfony
Symfony storing cookie headers in HttpCache
  • 2.0.4
  • 2.0.5
  • 2.0.6
  • 2.0.7
  • v2.0.10
  • v2.0.12
  • v2.0.13
  • ...
2023-02-04T00:50:54.047648Z Fix available
GHSA-q3c8-65q7-9v78
  • Packagist/automad/automad
Cross site scripting in automad/automad
  • 1.0.0
  • 1.0.0-beta1
  • 1.0.0-beta2
  • 1.0.0-beta3
  • 1.0.0-beta4
  • 1.0.0-beta5
  • 1.0.1
  • ...
2023-02-04T00:36:08.954263Z Fix available
GHSA-vxpm-8hcp-qh27
  • Packagist/swag/paypal
Payment information sent to PayPal not necessarily identical to created order
  • 0.10.0
  • 0.10.1
  • 0.11.0
  • 0.11.1
  • 0.12.0
  • 0.13.0
  • 0.9.0
  • ...
2023-02-04T00:29:56.370337Z Fix available
GHSA-8xv4-jj4h-qww6
  • Packagist/pimcore/pimcore
Pimcore contains Unrestricted Upload of File with Dangerous Type
  • 10.0.8
  • 2.2.0
  • 2.2.1
  • 2.2.2
  • 2.3.0
  • 3.0.0
  • 3.0.1
  • ...
2023-02-04T00:21:01.056537Z Fix available
GHSA-2mgx-226x-8pwv
  • Packagist/wwbn/avideo
AVideo vulnerable to Improper Privilege Management
  • See details.
2023-02-03T21:55:19Z Fix available
GHSA-82j4-vr25-x394
  • Packagist/showdoc/showdoc
Cross-site Scripting in ShowDoc
  • v1.0.0
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • v1.0.4
  • v1.0.5
  • v1.1.0
  • ...
2023-02-03T06:03:57.490254Z Fix available
GHSA-77rm-9x9h-xj3g
  • NuGet/Google.Protobuf
  • Packagist/google/protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • PyPI/protobuf
NULL Pointer Dereference in Protocol Buffers
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
2023-02-03T06:03:30.309657Z Fix available
GHSA-phrq-v4q2-hmq6
  • Packagist/sabberworm/php-css-parser
Code injection vulnerability in allSelectors()
  • 8.3.0
  • 8.2.0
  • 8.1.0
  • 8.0.0
  • 7.0.0
  • 7.0.1
  • 7.0.2
  • ...
2023-02-03T06:01:35.885907Z Fix available
GHSA-vpw5-grxx-v396
  • Packagist/lms/routes
CSRF token exposure in TYPO3 extension
  • v1.3.3
  • v1.4.0
  • v1.4.1
  • v1.5.0
  • v1.5.1
  • v1.5.10
  • v1.5.2
  • ...
2023-02-03T06:01:32.491703Z Fix available
GHSA-5vfx-8w6m-h3v4
  • Packagist/pterodactyl/panel
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
  • v1.0.0
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • v1.1.0
  • v1.1.1
  • v1.1.2
  • ...
2023-02-03T06:01:30.354177Z Fix available
GHSA-pwwm-pwx2-2hw7
  • Packagist/snipe/snipe-it
Generation of Error Message Containing Sensitive Information in Snipe-IT
  • 3.2.0
  • v0.1.0
  • v0.1.1
  • v0.1.2
  • v0.2.0
  • v0.3.0-alpha
  • v0.3.10-alpha
  • ...
2023-02-03T06:01:24.894492Z Fix available
GHSA-7gm7-8q8v-9gf2
  • Packagist/shopware/platform
  • Packagist/shopware/core
Server-Side Request Forgery (SSRF) in Shopware
  • 6.3.0.0
  • 6.3.0.1
  • 6.3.0.2
  • 6.3.1.0
  • 6.3.1.1
  • 6.3.2.0
  • 6.3.2.1
  • ...
2023-02-03T06:01:24.346552Z Fix available
GHSA-7rg4-266c-jqw6
  • Packagist/centreon/centreon
Predictable CSRF tokens in centreon/centreon
  • 20.10.0
  • 20.10.1
  • 20.10.2
  • 20.10.3
  • 20.10.4
  • 20.10.5
  • 20.10.6
  • ...
2023-02-03T06:00:17.286690Z Fix available
GHSA-7vxc-chqj-h83g
  • Packagist/showdoc/showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
  • v1.0.0
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • v1.0.4
  • v1.0.5
  • v1.1.0
  • ...
2023-02-03T05:58:16.112270Z Fix available
GHSA-vcvg-g8p2-3hqr
  • Packagist/backdrop/backdrop
Cross-site Scripting in Backdrop CMS
  • 1.13.2-rc1
  • 1.13.2-rc2
  • 1.17.3
  • 1.18.3
  • 1.19.1
  • 1.20.3
  • 1.21.0
  • ...
2023-02-03T05:58:14.237469Z No fix available