OSV - Open Source Vulnerabilities

GHSA-9fwj-9mjf-rhj3

Packagist/auth0/login

laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-2f4r-34m4-3w8q

Packagist/auth0/wordpress

Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-9wg9-93h9-j8ch

Packagist/auth0/symfony

Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-g98g-r7gf-2r25

Packagist/auth0/auth0-php

Forgeable Encrypted Session Cookie in Apps Using Auth0-PHP SDK

2 days ago

Fix available
Severity - 9.1 (Critical)

GHSA-f6rx-hf55-4255

Packagist/sulu/sulu

Sulu vulnerable to XXE in SVG File upload Inspector

3 days ago

Fix available
Severity - 6.1 (Medium)

GHSA-fw82-87p8-v6hp

Packagist/getkirby/kirby

Kirby vulnerable to path traversal of snippet names in the `snippet()` helper

5 days ago

Fix available
Severity - 6.3 (Medium)

GHSA-9p3p-w5jf-8xxg

Packagist/getkirby/cms

Kirby vulnerable to path traversal in the router for PHP's built-in server

5 days ago

Fix available
Severity - 2.3 (Low)

GHSA-x275-h9j4-7p4h

Packagist/getkirby/cms

Kirby vulnerable to path traversal of collection names during file system lookup

5 days ago

Fix available
Severity - 6.3 (Medium)

GHSA-qqcr-9jfc-35c4

Packagist/oxid-esales/oxideshop-ce

OXID eShop May Display User Information

5 days ago

No fix available
Severity - 7.5 (High)

GHSA-7vrx-9684-xrf2

Packagist/craftcms/cms

Craft CMS stores arbitrary content provided by unauthenticated users in session files

08 May

Fix available
Severity - 6.9 (Medium)

GHSA-fxvx-gfmr-5xfj

Packagist/koillection/koillection

Koillection Cross Site Scripting vulnerability

07 May

Fix available
Severity - 6.1 (Medium)

GHSA-hcjv-982c-5f29

Packagist/alextselegidis/easyappointments

Easy!Appointments Denial of Service (DoS)

07 May

No fix available
Severity - 5.5 (Medium)

GHSA-3527-qv2q-pfvx

Packagist/league/commonmark

league/commonmark contains a XSS vulnerability in Attributes extension

05 May

Fix available
Severity - 6.4 (Medium)

GHSA-7c58-g782-9j38

Packagist/craftcms/cms

Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI

05 May

Fix available
Severity - 7.3 (High)

GHSA-96hh-8hx5-cpw7

Packagist/october/system
Packagist/october/october

October CMS Allows Unprotected SVG Rename in Media Manager

05 May

Fix available
Severity - 1.1 (Low)

GHSA-h3vp-qwmx-5j25

Packagist/snipe/snipe-it

Grokability Snipe-IT has incorrect authorization for accessing asset information

02 May

Fix available
Severity - 5.0 (Medium)