OSV - Open Source Vulnerabilities

GHSA-8xx5-h6m3-jr33

Packagist/prestashop/prestashop

Presta Shop vulnerable to email enumeration

yesterday

Fix available
Severity - 4.2 (Medium)

GHSA-3ggv-qwcp-j6xg

Packagist/mautic/core

Mautic Vulnerable to User Enumeration via Response Timing

yesterday

Fix available
Severity - 5.9 (Medium)

GHSA-9v8p-m85m-f7mm

Packagist/mautic/core

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

yesterday

Fix available
Severity - 4.8 (Medium)

GHSA-438m-6mhw-hq5w

Packagist/mautic/core

Mautic vulnerable to secret data extraction via elfinder

yesterday

Fix available
Severity - 5.5 (Medium)

GHSA-hj6f-7hp7-xg69

Packagist/mautic/core

Mautic vulnerable to SSRF via webhook function

yesterday

Fix available
Severity - 2.7 (Low)

GHSA-fqqv-56h5-f57g

Packagist/pocketmine/pocketmine-mp

PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking

3 days ago

Fix available
Severity - 8.7 (High)

GHSA-qqfq-7cpp-hcqj

Packagist/contao/core-bundle
Packagist/contao/contao

Contao does not properly manage privileges for page and article fields

28 Aug

Fix available
Severity - 4.3 (Medium)

GHSA-w53m-gxvg-vx7p

Packagist/contao/core-bundle
Packagist/contao/contao

Contao can disclose sensitive information in the news module

28 Aug

Fix available
Severity - 5.3 (Medium)

GHSA-2xmj-8wmq-7475

Packagist/contao/core-bundle
Packagist/contao/contao

Contao discloses sensitive information in the front end search index

28 Aug

Fix available
Severity - 5.3 (Medium)

GHSA-7m47-r75r-cx8v

Packagist/contao/core-bundle
Packagist/contao/contao

Contao applies improper access control in the back end voters

28 Aug

Fix available
Severity - 4.3 (Medium)

GHSA-9hp3-f5g8-rccg

Packagist/solspace/craft-freeform

The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability

27 Aug

Fix available
Severity - 9.8 (Critical)

GHSA-gqp9-jh35-439m

Packagist/badaso/core

Badaso CMS file upload vulnerability

26 Aug

No fix available
Severity - 8.9 (High)

GHSA-2f28-69j7-85hf

Packagist/alextselegidis/easyappointments

Easy!Appointments SQL injection vulnerability

26 Aug

Fix available
Severity - 5.7 (Medium)

GHSA-crcq-738g-pqvc

Packagist/craftcms/cms

Craft CMS Potential Remote Code Execution via Twig SSTI

25 Aug

Fix available
Severity - 6.6 (Medium)

GHSA-mqh4-2mm8-g7w9

Packagist/vrana/adminer

Adminer PHP Object Injection issue leads to Denial of Service

25 Aug

No fix available
Severity - 8.6 (High)

GHSA-rx7m-68vc-ppxh

Packagist/phpoffice/phpspreadsheet

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

25 Aug

Fix available
Severity - 8.7 (High)