Vulnerability Library

ID
Packages
Summary
Published
Attributes
GHSA-296q-rj83-g9rq
  • Packagist/oveleon/contao-cookiebar
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar 13 hours ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-wmx7-pw49-88jx
  • Packagist/craftcms/cms
Craft CMS Allows TOTP Token To Stay Valid After Use yesterday
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-vprp-94p9-5jp8
  • Packagist/dolibarr/dolibarr
Dolibarr ERP CRM vulnerable to remote code execution (RCE) 2 days ago
  • No fix available
GHSA-3wmx-48g3-x66g
  • Packagist/backdrop/backdrop
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places 4 days ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-47mc-qmh2-mqj4
  • Packagist/automad/automad
Automad arbitrary file upload vulnerability 19 Jul
  • No fix available
  • Severity - 8.7 (High)
GHSA-r9vw-cjf9-xh4x
  • Packagist/processwire/processwire
ProcessWire Cross Site Request Forgery vulnerability 19 Jul
  • No fix available
  • Severity - 2.1 (Low)
GHSA-xrh7-2gfq-4rcq
  • Packagist/opencart/opencart
openCart Server-Side Template Injection (SSTI) vulnerability 17 Jul
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-52cw-pvq9-9m5v
  • Packagist/silverstripe/framework
Silverstripe uses TinyMCE which allows svg files linked in object tags 17 Jul
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-55rf-8q29-4g43
  • Packagist/sylius/sylius
Sylius has a security vulnerability via adjustments API endpoint 17 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-chx7-9x8h-r5mg
  • Packagist/silverstripe/framework
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload 17 Jul
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-89q6-98xx-4ffw
  • Packagist/silverstripe/reports
Silverstripe Reports are still accessible even when `canView()` returns false 17 Jul
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-fg86-4c2r-7wxw
  • Packagist/torrentpier/torrentpier
TorrentPier Deserialization of Untrusted Data vulnerability 15 Jul
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-875x-g8p7-5w27
  • Packagist/web-auth/webauthn-lib
  • Packagist/web-auth/webauthn-framework
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames 15 Jul
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-x6p7-44rh-m3rr
  • Packagist/auth0/wordpress
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting 11 Jul
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-mqqj-fx8h-437j
  • Packagist/privatebin/privatebin
PrivateBin allows shortening of URLs for other domains 10 Jul
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-pj36-fcrg-327j
  • Packagist/ssddanbrown/bookstack
BookStack Incorrect Access Control vulnerability 10 Jul
  • Fix available
  • Severity - 8.8 (High)