Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-rv5q-72p2-2q24
  • Packagist/centreon/centreon
  • Packagist/centreon/centreon
  • Packagist/centreon/centreon
Centreon contains cross-site scripting vulnerability via esc_name parameter
  • 18.10.10
  • 18.10.11
  • 18.10.12
  • 18.10.6
  • 18.10.7
  • 18.10.8
  • 18.10.9
  • ...
2022-09-30T06:55:40.204798Z Fix available
GHSA-25gv-wg6f-6frp
  • Packagist/centreon/centreon
  • Packagist/centreon/centreon
  • Packagist/centreon/centreon
Centreon SQL Injection vulnerability via esc_name parameter
  • 18.10.10
  • 18.10.11
  • 18.10.12
  • 18.10.6
  • 18.10.7
  • 18.10.8
  • 18.10.9
  • ...
2022-09-30T06:55:08.919583Z Fix available
GHSA-52m2-vc4m-jj33
  • Packagist/twig/twig
  • Packagist/twig/twig
  • Packagist/twig/twig
Twig may load a template outside a configured directory when using the filesystem loader
  • 1.3.0
  • 1.4.0
  • 1.5.0
  • 1.5.1
  • 1.6.0
  • 1.6.1
  • 1.6.2
  • ...
2022-09-30T06:16:45.655545Z Fix available
GHSA-6x28-7h8c-chx4
  • Packagist/dompdf/dompdf
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
  • v0.6.0
  • v0.6.1
  • v0.6.2
  • v0.7.0
  • v0.7.0-beta
  • v0.7.0-beta2
  • v0.7.0-beta3
  • ...
2022-09-30T04:54:32.441818Z Fix available
GHSA-qrqm-574x-q7f2
  • Packagist/awesome-support/awesome-support
Awesome Support vulnerable to persistent cross-site scripting
  • 3.0.0
  • 3.0.0-beta-1
  • 3.0.0-beta-2
  • 3.0.1
  • 3.1.0
  • 3.1.1
  • 3.1.10
  • ...
2022-09-29T19:17:13.625274Z Fix available
GHSA-4h9c-v5vg-5m6m
  • Packagist/smarty/smarty
  • Packagist/smarty/smarty
Access to restricted PHP code by dynamic static class access in smarty
  • v2.6.24
  • v2.6.25
  • v2.6.26
  • v2.6.27
  • v2.6.28
  • v2.6.29
  • v2.6.30
  • ...
2022-09-27T08:56:39.831942Z Fix available
GHSA-29gp-2c3m-3j6m
  • Packagist/smarty/smarty
  • Packagist/smarty/smarty
Sandbox Escape by math function in smarty
  • v2.6.24
  • v2.6.25
  • v2.6.26
  • v2.6.27
  • v2.6.28
  • v2.6.29
  • v2.6.30
  • ...
2022-09-27T08:56:31.633789Z Fix available
GHSA-634x-pc3q-cf4c
  • Packagist/smarty/smarty
  • Packagist/smarty/smarty
PHP Code Injection by malicious block or filename in Smarty
  • v2.6.24
  • v2.6.25
  • v2.6.26
  • v2.6.27
  • v2.6.28
  • v2.6.29
  • v2.6.30
  • ...
2022-09-27T08:55:57.078847Z Fix available
GHSA-fvf5-xp83-vrqp
  • Packagist/icecoder/icecoder
ICEcoder vulnerable to Path Traversal
  • 8.0
  • 8.1
2022-09-27T08:55:39.928785Z No fix available
GHSA-hwq7-5vv9-c6cf
  • Packagist/smarty/smarty
  • Packagist/smarty/smarty
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
  • v2.6.24
  • v2.6.25
  • v2.6.26
  • v2.6.27
  • v2.6.28
  • v2.6.29
  • v2.6.30
  • ...
2022-09-27T08:55:14.561455Z Fix available
GHSA-mw37-wx8p-gp45
  • Packagist/craftcms/cms
  • Packagist/craftcms/cms
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
  • 3.7.0
  • 3.7.0-beta.1
  • 3.7.0-beta.2
  • 3.7.0-beta.3
  • 3.7.0-beta.4
  • 3.7.0-beta.5
  • 3.7.0-beta.6
  • ...
2022-09-26T20:01:16.655659Z Fix available
GHSA-mrwr-2945-fr22
  • Packagist/pagekit/pagekit
Cross-site scripting in PageKit
  • 0.10.0
  • 0.10.1
  • 0.10.2
  • 0.10.3
  • 0.10.4
  • 0.11.0
  • 0.11.1
  • ...
2022-09-25T03:32:31.217074Z No fix available
GHSA-v2f3-f8x4-m3w8
  • Packagist/lavalite/cms
Cross Site Scripting in LavaLite CMS
  • 5.5.0
  • 5.5.1
  • 5.5.2
  • 5.5.3
  • 5.5.4
  • 5.5.5
  • 5.5.6
  • ...
2022-09-25T03:32:30.832786Z No fix available
GHSA-v92m-hhhw-vv9v
  • Packagist/codiad/codiad
Code injection in codiad
  • v1.3.6
2022-09-25T03:32:11.054741Z No fix available
GHSA-8vh3-29mr-m9xg
  • Packagist/showdoc/showdoc
Inadequate Encryption Strength in showdoc
  • v1.0.0
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • v1.0.4
  • v1.0.5
  • v1.1.0
  • ...
2022-09-25T03:31:33.033304Z No fix available
GHSA-7vph-p634-vrqf
  • Packagist/billz/raspap-webgui
Command Injection in RaspAP 2.6.6
  • 2.4.1
  • 2.5
  • 2.5.1
  • 2.5.2
  • 2.6
  • 2.6-beta
  • 2.6.1
  • ...
2022-09-25T03:31:26.260881Z No fix available