Vulnerability Library

| ID | Packages | Summary | Affected versions | Last modified | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-2rxh-h6h9-qrqc | Packagist/typo3/cms-core | Class destructors causing side-effects when being unserialized in TYPO3 CMS | v9.0.0, v9.1.0, v9.2.0, v9.2.1, v9.3.0, v9.3.1, v9.3.2, ... | 2022-12-03T04:21:29.272655Z | Fix available |
| GHSA-q559-8m2m-g699 | Packagist/guzzlehttp/guzzle | Change in port should be considered a change in origin | 4.0.0, 4.0.0-rc.1, 4.0.0-rc.2, 4.0.1, 4.0.2, 4.1.0, 4.1.1, ... | 2022-12-03T04:20:34.411819Z | Fix available |
| GHSA-79gx-3fm8-qxqq | Packagist/microweber/microweber | Microweber vulnerable to cross-site scripting (XSS) | 0.9.346, 0.93, 0.931, 0.934, 0.951, 1.0.3, 1.0.4, ... | 2022-12-02T22:53:15.570809Z | No fix available |
| GHSA-g389-rf5p-fg56 | Packagist/badaso/core | Badaso vulnerable to Remote Code Execution (RCE) | 1.0.0, 1.0.0-alpha.1, 1.0.0-alpha.10, 1.0.0-alpha.11, 1.0.0-alpha.12, 1.0.0-alpha.13, 1.0.0-alpha.14, ... | 2022-12-02T22:52:46.208993Z | Fix available |
| GHSA-q7qq-9gx2-ggxv | Packagist/phpxmlrpc/phpxmlrpc | phpxmlrpc vulnerable to argument injection | 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 4.0.0, 4.0.0-alpha, ... | 2022-12-02T22:38:25.608046Z | Fix available |
| GHSA-6q49-35h6-rq2p | Packagist/spatie/browsershot | Browsershot version 3.57.3 vulnerable to improper input validation | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 1.0.0, 1.1.0, 1.2.0, ... | 2022-12-02T22:38:13.615782Z | Fix available |
| GHSA-4p38-rc98-cr39 | Packagist/tribalsystems/zenario | Zenario CMS is vulnerable to Remote Code Execution (RCE). | 7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, ... | 2022-12-02T22:23:11.153694Z | Fix available |
| GHSA-8c2c-jxwj-jqgf | Packagist/spatie/browsershot | Browsershot does not validate URL protocols passed to Browsershot URL method | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 1.0.0, 1.1.0, 1.2.0, ... | 2022-12-02T22:22:58.319594Z | Fix available |
| GHSA-395x-wv32-44v5 | Packagist/baserproject/basercms | baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability | See details. | 2022-12-01T22:11:37Z | Fix available |
| GHSA-82h9-v8vh-mfpq | Packagist/spatie/browsershot | Browsershot vulnerable to Cross-Site Scripting (XSS) | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 1.0.0, 1.1.0, 1.2.0, ... | 2022-11-30T23:42:09.701713Z | Fix available |
| GHSA-58rj-w2qf-qjg7 | Packagist/backdrop/backdrop | Cross-site Scripting in Backdrop CMS | 1.13.2-rc1, 1.13.2-rc2, 1.17.3, 1.18.3, 1.19.1, 1.20.3, 1.21.0, ... | 2022-11-30T19:40:04.426232Z | No fix available |
| GHSA-66jf-xm2m-7m8r | Packagist/silverstripe/versioned-admin | Stored XSS in Compare Mode | 1.0.0, 1.1.0, 1.1.0-rc1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, ... | 2022-11-30T19:39:50.750543Z | Fix available |
| GHSA-pp74-g2q5-j4jf | Packagist/silverstripe/cms | Stored XSS in custom meta tags | 4.0.0, 4.0.1, 4.0.1-rc1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, ... | 2022-11-30T19:39:50.713263Z | Fix available |
| GHSA-vv3r-fxqp-vr3f | Packagist/silverstripe/assets | XSS via uploaded gpx file | 1.0.0, 1.0.1, 1.0.1-rc1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, ... | 2022-11-30T19:39:37.915692Z | Fix available |
| GHSA-qw4w-vq8v-2wcv | Packagist/silverstripe/framework | Stored XSS using uppercase characters in HTMLEditor | 4.0.0, 4.0.1, 4.0.1-rc1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, ... | 2022-11-30T19:39:24.318226Z | Fix available |
| GHSA-f3hw-3h74-wr98 | Packagist/librenms/librenms | Cross-site Scripting in librenms/librenms | 1.19, 1.20, 1.20.1, 1.21, 1.22, 1.22.01, 1.23, ... | 2022-11-29T18:06:47.106795Z | Fix available |