Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-725m-w832-q973
  • Packagist/composer/composer
Composer allows cache poisoning from other projects built on the same host
  • 1.0.0-alpha1
  • 1.0.0-alpha10
  • 1.0.0-alpha11
  • 1.0.0-alpha2
  • 1.0.0-alpha3
  • 1.0.0-alpha4
  • 1.0.0-alpha5
  • ...
2023-09-21T06:30:25Z Fix available
GHSA-7cfq-72w2-24q4
  • Packagist/yiisoft/yii2
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
  • 2.0.0
  • 2.0.1
  • 2.0.2
  • 2.0.3
  • 2.0.4
2023-09-21T06:30:25Z Fix available
GHSA-62wf-h26v-5m57
  • Packagist/dolibarr/dolibarr
Cross Site Scripting vulnerability in Dolibarr ERP CRM
  • 10.0.0
  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4
  • 10.0.5
  • 10.0.6
  • ...
2023-09-20T03:30:17Z Fix available
GHSA-6773-rfjv-c54w
  • Packagist/dolibarr/dolibarr
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
  • 10.0.0
  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4
  • 10.0.5
  • 10.0.6
  • ...
2023-09-20T03:30:17Z Fix available
GHSA-g8h7-mcp6-pf47
  • Packagist/dolibarr/dolibarr
File Upload vulnerability in Dolibarr ERP CRM
  • 10.0.0
  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4
  • 10.0.5
  • 10.0.6
  • ...
2023-09-20T03:30:17Z Fix available
GHSA-2q8c-gqf4-mg3v
  • Packagist/librenms/librenms
Cross site scripting in librenms
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-19T03:30:34Z Fix available
GHSA-6qjf-7g3j-qx25
  • Packagist/neos/neos-ui
Neos CMS Cross Site Scripting vulnerability
  • 0.0.1
  • 1.0.0-beta0
  • 1.0.0-beta1
  • 1.0.0-beta2
  • 1.0.0-beta3
  • 1.0.0-beta4
  • 1.0.0-beta5
  • ...
2023-09-19T00:30:13Z No fix available
GHSA-57m2-mpc7-gwgx
  • Packagist/librenms/librenms
LibreNMS Code Injection vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-5jjm-qp48-qp86
  • Packagist/librenms/librenms
LibreNMS Cross-site Scripting vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-jp3c-g46v-jg2c
  • Packagist/librenms/librenms
LibreNMS Cross-site Scripting vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-m6jj-fgmh-3p8r
  • Packagist/librenms/librenms
LibreNMS Cross-site Scripting vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-qjpw-rg56-jh8v
  • Packagist/librenms/librenms
LibreNMS Cross-site Scripting vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-qxrq-376q-p39h
  • Packagist/librenms/librenms
LibreNMS Cross-site Scripting vulnerability
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2023-09-15T03:30:19Z Fix available
GHSA-hvpq-7vcc-5hj5
  • Packagist/froala/wysiwyg-editor
Froala Editor Cross-site Scripting vulnerability
  • v4.0.1
  • v4.0.10
  • v4.0.11
  • v4.0.12
  • v4.0.13
  • v4.0.14
  • v4.0.15
  • ...
2023-09-15T00:30:29Z No fix available
GHSA-92jh-gwch-jq38
  • Packagist/pocketmine/pocketmine-mp
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
  • 5.0.0
  • 5.0.1
  • 5.1.0
  • 5.1.1
  • 5.1.2
  • 5.1.3
  • 5.2.0
  • ...
2023-09-14T17:10:37Z Fix available
GHSA-79rc-jjh6-rc89
  • Packagist/pocketmine/pocketmine-mp
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
  • 5.2.0
  • 5.2.1
  • 5.3.0
2023-09-14T17:10:01Z Fix available