Vulnerability Library

ID | Packages | Summary | Affected versions | Last modified | Fix
GHSA-qpgm-gjgf-8c2x
  • Packagist/craftcms/cms
Craft CMS XSS in RSS widget feed
  • 4.3.0
  • 4.3.1
  • 4.3.10
  • 4.3.11
  • 4.3.2
  • 4.3.2.1
  • 4.3.3
  • ...
2023-05-30T07:12:20.960765Z Fix available
GHSA-m6m8-6gq8-c9fj
  • Packagist/codeigniter4/framework
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
  • 4.0.0
  • 4.0.0-rc.4
  • v4.0.0-alpha.3
  • v4.0.0-alpha.4
  • v4.0.0-alpha.5
  • v4.0.0-beta.1
  • v4.0.0-beta.2
  • ...
2023-05-30T06:50:12.229726Z Fix available
GHSA-3wxg-w96j-8hq9
  • Packagist/craftcms/cms
CraftCMS stored XSS in Quick Post widget error message
  • 4.0.0
  • 4.0.0-RC1
  • 4.0.0-RC2
  • 4.0.0-RC3
  • 4.0.0.1
  • 4.0.1
  • 4.0.2
  • ...
2023-05-26T22:05:10.973088Z Fix available
GHSA-cjmm-x9x9-m2w5
  • Packagist/craftcms/cms
Craft CMS stored XSS in review volume
  • 4.0.0
  • 4.0.0-RC1
  • 4.0.0-RC2
  • 4.0.0-RC3
  • 4.0.0.1
  • 4.0.1
  • 4.0.2
  • ...
2023-05-26T22:04:58.548183Z Fix available
GHSA-6qjx-787v-6pxr
  • Packagist/craftcms/cms
Craft CMS stored XSS in indexedVolumes
  • 4.0.0
  • 4.0.0-RC1
  • 4.0.0-RC2
  • 4.0.0-RC3
  • 4.0.0.1
  • 4.0.1
  • 4.0.2
  • ...
2023-05-26T22:04:08.161075Z Fix available
GHSA-7x94-jx75-3gh6
  • Packagist/craftcms/cms
Stored cross site scripting in Craft CMS
  • 1.0.26.1
  • 1.2.0-alpha.2310
  • 1.2.0-alpha.2312
  • 1.2.0-alpha.2316
  • 1.2.0-alpha.2318
  • 1.2.0-alpha.2319
  • 1.2.0-alpha.2322
  • ...
2023-05-26T21:19:22.971437Z Fix available
GHSA-25fx-3c2q-cq46
  • Packagist/pimcore/customer-management-framework-bundle
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query
  • 1.0.0
  • 1.0.1
  • 1.3.17
  • 2.4.5
  • 2.5.1
  • v1.1.0
  • v1.1.1
  • ...
2023-05-25T21:47:13.112176Z Fix available
GHSA-w2pm-fr62-jgv4
  • Packagist/moodle/moodle
Moodle vulnerable to stored Cross-site Scripting
  • v2.3.10
  • v2.3.11
  • v2.3.4
  • v2.3.5
  • v2.3.6
  • v2.3.7
  • v2.3.8
  • ...
2023-05-25T19:19:23.505546Z No fix available
GHSA-h538-r9x6-rcmc
  • Packagist/lavalite/cms
LavaLite vulnerable to Cross Site Scripting
  • 5.5.0
  • 5.5.1
  • 5.5.2
  • 5.5.3
  • 5.5.4
  • 5.5.5
  • 5.5.6
  • ...
2023-05-25T19:19:23.469439Z No fix available
GHSA-j65r-g7q2-f8v3
  • Packagist/pimcore/customer-management-framework-bundle
Pimcore customers' list user password hash is disclosed
  • 1.0.0
  • 1.0.1
  • 1.3.17
  • 2.4.5
  • 2.5.1
  • v1.1.0
  • v1.1.1
  • ...
2023-05-25T17:04:03.802468Z Fix available
GHSA-vppq-6ff8-2m8w
  • Packagist/thorsten/phpmyfaq
phpMyFAQ vulnerable to stored Cross-site Scripting
  • 2.10.0-alpha
  • 2.8.0
  • 2.8.0-RC
  • 2.8.0-RC2
  • 2.8.0-RC3
  • 2.8.0-RC4
  • 2.8.0-alpha2
  • ...
2023-05-24T17:52:46.416583Z Fix available
GHSA-h6jh-cf83-qcq5
  • Packagist/nilsteampassnet/teampass
Code injection in nilsteampassnet/teampass
  • 2.1.21
  • 2.1.26
  • 2.1.27
  • 3.0.0
  • 3.0.0.10
  • 3.0.0.11
2023-05-24T17:49:12.237169Z Fix available
GHSA-j657-pjgc-c4h6
  • Packagist/thorsten/phpmyfaq
phpMyFAQ vulnerable to stored Cross-site Scripting
  • 2.10.0-alpha
  • 2.8.0
  • 2.8.0-RC
  • 2.8.0-RC2
  • 2.8.0-RC3
  • 2.8.0-RC4
  • 2.8.0-alpha2
  • ...
2023-05-24T17:34:04.966176Z Fix available
GHSA-94q4-v5g6-qp7x
  • Packagist/lavalite/cms
LavaLite CMS vulnerable to host header injection attack
  • 5.5.0
  • 5.5.1
  • 5.5.2
  • 5.5.3
  • 5.5.4
  • 5.5.5
  • 5.5.6
  • ...
2023-05-23T22:45:49.241569Z No fix available
GHSA-95x4-j7vc-h8mf
  • Packagist/react/http
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
  • v0.8.0
  • v0.8.1
  • v0.8.2
  • v0.8.3
  • v0.8.4
  • v0.8.5
  • v0.8.6
  • ...
2023-05-22T21:48:30.354432Z Fix available
GHSA-6vcf-cfjp-qxcw
  • Packagist/lavalite/cms
LavaLite vulnerable to web cache poisoning
  • 5.5.0
  • 5.5.1
  • 5.5.2
  • 5.5.3
  • 5.5.4
  • 5.5.5
  • 5.5.6
  • ...
2023-05-22T21:48:18.257684Z No fix available