Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-9fwj-9mjf-rhj3 | Packagist/auth0/login | laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions | yesterday | Fix available; Severity - 9.1 (Critical) |
| GHSA-2f4r-34m4-3w8q | Packagist/auth0/wordpress | Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions | yesterday | Fix available; Severity - 9.1 (Critical) |
| GHSA-9wg9-93h9-j8ch | Packagist/auth0/symfony | Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions | yesterday | Fix available; Severity - 9.1 (Critical) |
| GHSA-g98g-r7gf-2r25 | Packagist/auth0/auth0-php | Forgeable Encrypted Session Cookie in Apps Using Auth0-PHP SDK | 2 days ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-f6rx-hf55-4255 | Packagist/sulu/sulu | Sulu vulnerable to XXE in SVG File upload Inspector | 3 days ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-fw82-87p8-v6hp | Packagist/getkirby/kirby | Kirby vulnerable to path traversal of snippet names in the `snippet()` helper | 5 days ago | Fix available; Severity - 6.3 (Medium) |
| GHSA-9p3p-w5jf-8xxg | Packagist/getkirby/cms | Kirby vulnerable to path traversal in the router for PHP's built-in server | 5 days ago | Fix available; Severity - 2.3 (Low) |
| GHSA-x275-h9j4-7p4h | Packagist/getkirby/cms | Kirby vulnerable to path traversal of collection names during file system lookup | 5 days ago | Fix available; Severity - 6.3 (Medium) |
| GHSA-qqcr-9jfc-35c4 | Packagist/oxid-esales/oxideshop-ce | OXID eShop May Display User Information | 5 days ago | No fix available; Severity - 7.5 (High) |
| GHSA-7vrx-9684-xrf2 | Packagist/craftcms/cms | Craft CMS stores arbitrary content provided by unauthenticated users in session files | 08 May | Fix available; Severity - 6.9 (Medium) |
| GHSA-fxvx-gfmr-5xfj | Packagist/koillection/koillection | Koillection Cross Site Scripting vulnerability | 07 May | Fix available; Severity - 6.1 (Medium) |
| GHSA-hcjv-982c-5f29 | Packagist/alextselegidis/easyappointments | Easy!Appointments Denial of Service (DoS) | 07 May | No fix available; Severity - 5.5 (Medium) |
| GHSA-3527-qv2q-pfvx | Packagist/league/commonmark | league/commonmark contains a XSS vulnerability in Attributes extension | 05 May | Fix available; Severity - 6.4 (Medium) |
| GHSA-7c58-g782-9j38 | Packagist/craftcms/cms | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | 05 May | Fix available; Severity - 7.3 (High) |
| GHSA-96hh-8hx5-cpw7 | Packagist/october/system, Packagist/october/october | October CMS Allows Unprotected SVG Rename in Media Manager | 05 May | Fix available; Severity - 1.1 (Low) |
| GHSA-h3vp-qwmx-5j25 | Packagist/snipe/snipe-it | Grokability Snipe-IT has incorrect authorization for accessing asset information | 02 May | Fix available; Severity - 5.0 (Medium) |