Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-pgcq-8grm-5rx9 | Packagist/paymenter/paymenter | Paymenter has race condition in payWithCredit() that enables credit double-spend | 7 hours ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-h8vq-8gpg-mhcg | Packagist/twig/twig | Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface` | 7 hours ago | Fix available |
| GHSA-8x9c-rmqh-456c | Packagist/twig/twig | Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters | 7 hours ago | Fix available |
| GHSA-5v5v-ww74-355v | Packagist/twig/twig | Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys | 7 hours ago | Fix available |
| GHSA-p42q-9prx-q5wq | Packagist/twig/twig | Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php` | 7 hours ago | Fix available |
| GHSA-5q4q-834j-g8g4 | Packagist/paymenter/paymenter | Paymenter has URL parameter injection that bypasses paid plan limits at checkout | 9 hours ago | Fix available; Severity - 8.5 (High) |
| GHSA-7mqq-4v55-88gh | Packagist/statamic/cms | Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors | 4 days ago | Fix available; Severity - 3.5 (Low) |
| GHSA-h77m-qrj7-jxcw | Packagist/statamic/cms | Statamic Vulnerable to CSV formula injection in form submission exports | 4 days ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-v5c4-wcpj-x73m | Packagist/statamic/cms | Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding) | 4 days ago | Fix available; Severity - 4.9 (Medium) |
| GHSA-7vfx-4246-jcfh | Packagist/solidinvoice/solidinvoice | SolidInvoice: IDOR in LiveComponent allows same-company cross-user access to API tokens and notification transport settings | 4 days ago | Fix available; Severity - 8.9 (High) |
| GHSA-m92m-r54r-x8r2 | Packagist/statamic/cms | Statamic CMS's unsafe method invocation via collection sorting allows data destruction | 4 days ago | Fix available; Severity - 7.4 (High) |
| GHSA-2497-6pwj-pwg7 | Packagist/statamic/cms | Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources | 4 days ago | Fix available; Severity - 4.3 (Medium) |
| GHSA-x8g9-h984-pc36 | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option | 4 days ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-5g9f-cwwg-4p8g | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles | 4 days ago | Fix available; Severity - 3.0 (Low) |
| GHSA-2fmj-p74r-3wjm | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass) | 4 days ago | Fix available; Severity - 8.1 (High) |
| GHSA-mmj8-wcvw-6789 | Packagist/aimeos/pagible | Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy | 4 days ago | Fix available; Severity - 3.0 (Low) |
Packagist - OSV