OSV

GHSA-w3w9-vrf5-8mx8

Packagist/react/http

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.8.0
v0.8.1
...

2022-10-04T16:21:23.169240Z

Fix available

GHSA-5mqq-7g25-r4wx

Packagist/feehi/feehicms

FeehiCMS vulnerable to Cross-Site scripting via crafted payload

0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
...

2022-10-01T17:35:48.629967Z

No fix available

GHSA-rv5q-72p2-2q24

Packagist/centreon/centreon
Packagist/centreon/centreon
Packagist/centreon/centreon

Centreon contains cross-site scripting vulnerability via esc_name parameter

18.10.10
18.10.11
18.10.12
18.10.6
18.10.7
18.10.8
18.10.9
...

2022-09-30T06:55:40.204798Z

Fix available

GHSA-25gv-wg6f-6frp

Packagist/centreon/centreon
Packagist/centreon/centreon
Packagist/centreon/centreon

Centreon SQL Injection vulnerability via esc_name parameter

18.10.10
18.10.11
18.10.12
18.10.6
18.10.7
18.10.8
18.10.9
...

2022-09-30T06:55:08.919583Z

Fix available

GHSA-52m2-vc4m-jj33

Packagist/twig/twig
Packagist/twig/twig
Packagist/twig/twig

Twig may load a template outside a configured directory when using the filesystem loader

1.3.0
1.4.0
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
...

2022-09-30T06:16:45.655545Z

Fix available

GHSA-6x28-7h8c-chx4

Packagist/dompdf/dompdf

Dompdf allows remote file inclusion because URI validation failure does not halt font registration

v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.7.0-beta
v0.7.0-beta2
v0.7.0-beta3
...

2022-09-30T04:54:32.441818Z

Fix available

GHSA-qrqm-574x-q7f2

Packagist/awesome-support/awesome-support

Awesome Support vulnerable to persistent cross-site scripting

3.0.0
3.0.0-beta-1
3.0.0-beta-2
3.0.1
3.1.0
3.1.1
3.1.10
...

2022-09-29T19:17:13.625274Z

Fix available

GHSA-4h9c-v5vg-5m6m

Packagist/smarty/smarty
Packagist/smarty/smarty

Access to restricted PHP code by dynamic static class access in smarty

v2.6.24
v2.6.25
v2.6.26
v2.6.27
v2.6.28
v2.6.29
v2.6.30
...

2022-09-27T08:56:39.831942Z

Fix available

GHSA-29gp-2c3m-3j6m

Packagist/smarty/smarty
Packagist/smarty/smarty

Sandbox Escape by math function in smarty

v2.6.24
v2.6.25
v2.6.26
v2.6.27
v2.6.28
v2.6.29
v2.6.30
...

2022-09-27T08:56:31.633789Z

Fix available

GHSA-634x-pc3q-cf4c

Packagist/smarty/smarty
Packagist/smarty/smarty

PHP Code Injection by malicious block or filename in Smarty

v2.6.24
v2.6.25
v2.6.26
v2.6.27
v2.6.28
v2.6.29
v2.6.30
...

2022-09-27T08:55:57.078847Z

Fix available

GHSA-fvf5-xp83-vrqp

Packagist/icecoder/icecoder

ICEcoder vulnerable to Path Traversal

2022-09-27T08:55:39.928785Z

No fix available

GHSA-hwq7-5vv9-c6cf

Packagist/smarty/smarty
Packagist/smarty/smarty

Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto

v2.6.24
v2.6.25
v2.6.26
v2.6.27
v2.6.28
v2.6.29
v2.6.30
...

2022-09-27T08:55:14.561455Z

Fix available

GHSA-mw37-wx8p-gp45

Packagist/craftcms/cms
Packagist/craftcms/cms

Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts

3.7.0
3.7.0-beta.1
3.7.0-beta.2
3.7.0-beta.3
3.7.0-beta.4
3.7.0-beta.5
3.7.0-beta.6
...

2022-09-26T20:01:16.655659Z

Fix available

GHSA-mrwr-2945-fr22

Packagist/pagekit/pagekit

Cross-site scripting in PageKit

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.11.0
0.11.1
...

2022-09-25T03:32:31.217074Z

No fix available

GHSA-v2f3-f8x4-m3w8

Packagist/lavalite/cms

Cross Site Scripting in LavaLite CMS

5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
...

2022-09-25T03:32:30.832786Z

No fix available

GHSA-v92m-hhhw-vv9v

Packagist/codiad/codiad

Code injection in codiad

v1.3.6

2022-09-25T03:32:11.054741Z

No fix available

Vulnerability Library