Vulnerability Database
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-2c7x-w3mx-h7p6 | Packagist/microweber/microweber | Microweber file upload vulnerability | 0.9.346, 0.93, 0.931, 0.934, 0.951, 1.0.3, 1.0.4, ... | 2023-11-30T09:30:31Z | No fix available |
| GHSA-rvx8-p3xp-fj3p | Packagist/october/system | October CMS stored XSS by authenticated backend user with improper configuration | See details. | 2023-11-29T21:45:31Z | Fix available |
| GHSA-p8q3-h652-65vx | Packagist/october/system | October CMS safe mode bypass using Twig sandbox escape | See details. | 2023-11-29T21:33:21Z | Fix available |
| GHSA-q22j-5r3g-9hmh | Packagist/october/system | October CMS safe mode bypass using Page template injection | See details. | 2023-11-29T21:33:16Z | Fix available |
| GHSA-ww7x-3gxh-qm6r | Packagist/simplesamlphp/xml-security, Packagist/simplesamlphp/saml2 | Validation of SignedInfo | 1.6.11, v1.6.11, 5.0.0-alpha.12, v5.0.0-alpha.12 | 2023-11-28T18:52:19Z | Fix available |
| GHSA-88g2-xgh9-4ph2 | Packagist/oro/commerce | OroCommerce get-totals-for-checkout API endpoint returns unwanted data | 4.2.0, 4.2.1, 4.2.10, 4.2.2, 4.2.3, 4.2.4, 4.2.5, ... | 2023-11-27T23:29:52Z | Fix available |
| GHSA-8gwj-68w6-7v6c | Packagist/oro/customer-portal | OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility | 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, ... | 2023-11-27T23:29:37Z | Fix available |
| GHSA-897w-jv7j-6r7g | Packagist/oro/crm-call-bundle | OroCRMCallBundle has incorrect call view page visibility | 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 5.0.0, ... | 2023-11-27T23:29:31Z | Fix available |
| GHSA-x2xm-p6vq-482g | Packagist/oro/calendar-bundle | OroCalendarBundle has incorrect system calendar events visibility | 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, ... | 2023-11-27T23:29:11Z | Fix available |
| GHSA-9v3j-4j64-p937 | Packagist/oro/platform | OroPlatform vulnerable to path traversal during temporary file manipulations | 4.1.0, 4.1.1, 4.1.1-rc, 4.1.1-rc2, 4.1.10, 4.1.11, 4.1.12, ... | 2023-11-27T23:28:52Z | Fix available |
| GHSA-9wwg-r3c7-4vfg | Packagist/pimcore/admin-ui-classic-bundle | Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls | v1.0.0, v1.0.0-BETA1, v1.0.0-RC1, v1.0.0-RC2, v1.0.1, v1.0.2, v1.0.3, ... | 2023-11-27T23:23:02Z | Fix available |
| GHSA-jpr7-q523-hx25 | Packagist/phpseclib/phpseclib | phpseclib vulnerable to denial of service | 0.3.0, 0.3.1, 0.3.10, 0.3.5, 0.3.6, 0.3.7, 0.3.8, ... | 2023-11-27T18:31:14Z | Fix available |
| GHSA-2ghm-r75j-pjx2 | Packagist/rhukster/dom-sanitizer | Cross-site Scripting in DOMSanitizer | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6 | 2023-11-23T00:30:58Z | Fix available |
| GHSA-v427-c49j-8w6x | Packagist/codeigniter4/shield | Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication | v1.0.0-beta, v1.0.0-beta.2, v1.0.0-beta.3, v1.0.0-beta.4, v1.0.0-beta.5, v1.0.0-beta.6, v1.0.0-beta.7 | 2023-11-23T00:28:14Z | Fix available |
| GHSA-j72f-h752-mx4w | Packagist/codeigniter4/shield | Insertion of Sensitive Information into Log | v1.0.0-beta, v1.0.0-beta.2, v1.0.0-beta.3, v1.0.0-beta.4, v1.0.0-beta.5, v1.0.0-beta.6, v1.0.0-beta.7 | 2023-11-23T00:28:13Z | Fix available |
| GHSA-8jjh-j3c2-cjcv | Packagist/statamic/cms | Cross-site Scripting via uploaded assets | v3.0.0, v3.0.0-beta.1, v3.0.0-beta.10, v3.0.0-beta.11, v3.0.0-beta.12, v3.0.0-beta.13, v3.0.0-beta.14, ... | 2023-11-22T20:55:07Z | Fix available |
Packagist - OSV