Vulnerability Library

Columns: ID | Packages | Summary | Affected versions | Published | Fix
GHSA-2c7x-w3mx-h7p6
  • Packagist/microweber/microweber
Microweber file upload vulnerability
  • 0.9.346
  • 0.93
  • 0.931
  • 0.934
  • 0.951
  • 1.0.3
  • 1.0.4
  • ...
2023-11-30T09:30:31Z No fix available
GHSA-rvx8-p3xp-fj3p
  • Packagist/october/system
October CMS stored XSS by authenticated backend user with improper configuration
  • See details.
2023-11-29T21:45:31Z Fix available
GHSA-p8q3-h652-65vx
  • Packagist/october/system
October CMS safe mode bypass using Twig sandbox escape
  • See details.
2023-11-29T21:33:21Z Fix available
GHSA-q22j-5r3g-9hmh
  • Packagist/october/system
October CMS safe mode bypass using Page template injection
  • See details.
2023-11-29T21:33:16Z Fix available
GHSA-ww7x-3gxh-qm6r
  • Packagist/simplesamlphp/xml-security
  • Packagist/simplesamlphp/saml2
Validation of SignedInfo
  • 1.6.11
  • v1.6.11
  • 5.0.0-alpha.12
  • v5.0.0-alpha.12
2023-11-28T18:52:19Z Fix available
GHSA-88g2-xgh9-4ph2
  • Packagist/oro/commerce
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
  • 4.2.0
  • 4.2.1
  • 4.2.10
  • 4.2.2
  • 4.2.3
  • 4.2.4
  • 4.2.5
  • ...
2023-11-27T23:29:52Z Fix available
GHSA-8gwj-68w6-7v6c
  • Packagist/oro/customer-portal
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
  • 4.2.0
  • 4.2.1
  • 4.2.2
  • 4.2.3
  • 4.2.4
  • 4.2.5
  • 4.2.6
  • ...
2023-11-27T23:29:37Z Fix available
GHSA-897w-jv7j-6r7g
  • Packagist/oro/crm-call-bundle
OroCRMCallBundle has incorrect call view page visibility
  • 4.2.0
  • 4.2.1
  • 4.2.2
  • 4.2.3
  • 4.2.4
  • 4.2.5
  • 5.0.0
  • ...
2023-11-27T23:29:31Z Fix available
GHSA-x2xm-p6vq-482g
  • Packagist/oro/calendar-bundle
OroCalendarBundle has incorrect system calendar events visibility
  • 4.2.0
  • 4.2.1
  • 4.2.2
  • 4.2.3
  • 4.2.4
  • 4.2.5
  • 4.2.6
  • ...
2023-11-27T23:29:11Z Fix available
GHSA-9v3j-4j64-p937
  • Packagist/oro/platform
OroPlatform vulnerable to path traversal during temporary file manipulations
  • 4.1.0
  • 4.1.1
  • 4.1.1-rc
  • 4.1.1-rc2
  • 4.1.10
  • 4.1.11
  • 4.1.12
  • ...
2023-11-27T23:28:52Z Fix available
GHSA-9wwg-r3c7-4vfg
  • Packagist/pimcore/admin-ui-classic-bundle
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
  • v1.0.0
  • v1.0.0-BETA1
  • v1.0.0-RC1
  • v1.0.0-RC2
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • ...
2023-11-27T23:23:02Z Fix available
GHSA-jpr7-q523-hx25
  • Packagist/phpseclib/phpseclib
phpseclib vulnerable to denial of service
  • 0.3.0
  • 0.3.1
  • 0.3.10
  • 0.3.5
  • 0.3.6
  • 0.3.7
  • 0.3.8
  • ...
2023-11-27T18:31:14Z Fix available
GHSA-2ghm-r75j-pjx2
  • Packagist/rhukster/dom-sanitizer
Cross-site Scripting in DOMSanitizer
  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.0.6
2023-11-23T00:30:58Z Fix available
GHSA-v427-c49j-8w6x
  • Packagist/codeigniter4/shield
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
  • v1.0.0-beta
  • v1.0.0-beta.2
  • v1.0.0-beta.3
  • v1.0.0-beta.4
  • v1.0.0-beta.5
  • v1.0.0-beta.6
  • v1.0.0-beta.7
2023-11-23T00:28:14Z Fix available
GHSA-j72f-h752-mx4w
  • Packagist/codeigniter4/shield
Insertion of Sensitive Information into Log
  • v1.0.0-beta
  • v1.0.0-beta.2
  • v1.0.0-beta.3
  • v1.0.0-beta.4
  • v1.0.0-beta.5
  • v1.0.0-beta.6
  • v1.0.0-beta.7
2023-11-23T00:28:13Z Fix available
GHSA-8jjh-j3c2-cjcv
  • Packagist/statamic/cms
Cross-site Scripting via uploaded assets
  • v3.0.0
  • v3.0.0-beta.1
  • v3.0.0-beta.10
  • v3.0.0-beta.11
  • v3.0.0-beta.12
  • v3.0.0-beta.13
  • v3.0.0-beta.14
  • ...
2023-11-22T20:55:07Z Fix available