| ID | Packages | Summary | Affected versions | Last modified | Fix |
| --- | --- | --- | --- | --- | --- |
| GHSA-qpgm-gjgf-8c2x | Packagist/craftcms/cms | Craft CMS XSS in RSS widget feed | 4.3.0, 4.3.1, 4.3.10, 4.3.11, 4.3.2, 4.3.2.1, 4.3.3, ... | 2023-05-30T07:12:20.960765Z | Fix available |
| GHSA-m6m8-6gq8-c9fj | Packagist/codeigniter4/framework | Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4 | 4.0.0, 4.0.0-rc.4, v4.0.0-alpha.3, v4.0.0-alpha.4, v4.0.0-alpha.5, v4.0.0-beta.1, v4.0.0-beta.2, ... | 2023-05-30T06:50:12.229726Z | Fix available |
| GHSA-3wxg-w96j-8hq9 | Packagist/craftcms/cms, Packagist/craftcms/cms | CraftCMS stored XSS in Quick Post widget error message | 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0.1, 4.0.1, 4.0.2, ... | 2023-05-26T22:05:10.973088Z | Fix available |
| GHSA-cjmm-x9x9-m2w5 | Packagist/craftcms/cms | Craft CMS stored XSS in review volume | 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0.1, 4.0.1, 4.0.2, ... | 2023-05-26T22:04:58.548183Z | Fix available |
| GHSA-6qjx-787v-6pxr | Packagist/craftcms/cms | Craft CMS stored XSS in indexedVolumes | 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0.1, 4.0.1, 4.0.2, ... | 2023-05-26T22:04:08.161075Z | Fix available |
| GHSA-7x94-jx75-3gh6 | Packagist/craftcms/cms | Stored cross site scripting in Craft CMS | 1.0.26.1, 1.2.0-alpha.2310, 1.2.0-alpha.2312, 1.2.0-alpha.2316, 1.2.0-alpha.2318, 1.2.0-alpha.2319, 1.2.0-alpha.2322, ... | 2023-05-26T21:19:22.971437Z | Fix available |
| GHSA-25fx-3c2q-cq46 | Packagist/pimcore/customer-management-framework-bundle | pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query | 1.0.0, 1.0.1, 1.3.17, 2.4.5, 2.5.1, v1.1.0, v1.1.1, ... | 2023-05-25T21:47:13.112176Z | Fix available |
| GHSA-w2pm-fr62-jgv4 | Packagist/moodle/moodle | Moodle vulnerable to stored Cross-site Scripting | v2.3.10, v2.3.11, v2.3.4, v2.3.5, v2.3.6, v2.3.7, v2.3.8, ... | 2023-05-25T19:19:23.505546Z | No fix available |
| GHSA-h538-r9x6-rcmc | Packagist/lavalite/cms | LavaLite vulnerable to Cross Site Scripting | 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, ... | 2023-05-25T19:19:23.469439Z | No fix available |
| GHSA-j65r-g7q2-f8v3 | Packagist/pimcore/customer-management-framework-bundle | Pimcore customers' list user password hash is disclosed | 1.0.0, 1.0.1, 1.3.17, 2.4.5, 2.5.1, v1.1.0, v1.1.1, ... | 2023-05-25T17:04:03.802468Z | Fix available |
| GHSA-vppq-6ff8-2m8w | Packagist/thorsten/phpmyfaq | phpMyFAQ vulnerable to stored Cross-site Scripting | 2.10.0-alpha, 2.8.0, 2.8.0-RC, 2.8.0-RC2, 2.8.0-RC3, 2.8.0-RC4, 2.8.0-alpha2, ... | 2023-05-24T17:52:46.416583Z | Fix available |
| GHSA-h6jh-cf83-qcq5 | Packagist/nilsteampassnet/teampass | Code injection in nilsteampassnet/teampass | 2.1.21, 2.1.26, 2.1.27, 3.0.0, 3.0.0.10, 3.0.0.11 | 2023-05-24T17:49:12.237169Z | Fix available |
| GHSA-j657-pjgc-c4h6 | Packagist/thorsten/phpmyfaq | phpMyFAQ vulnerable to stored Cross-site Scripting | 2.10.0-alpha, 2.8.0, 2.8.0-RC, 2.8.0-RC2, 2.8.0-RC3, 2.8.0-RC4, 2.8.0-alpha2, ... | 2023-05-24T17:34:04.966176Z | Fix available |
| GHSA-94q4-v5g6-qp7x | Packagist/lavalite/cms | LavaLite CMS vulnerable to host header injection attack | 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, ... | 2023-05-23T22:45:49.241569Z | No fix available |
| GHSA-95x4-j7vc-h8mf | Packagist/react/http | ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits | v0.8.0, v0.8.1, v0.8.2, v0.8.3, v0.8.4, v0.8.5, v0.8.6, ... | 2023-05-22T21:48:30.354432Z | Fix available |
| GHSA-6vcf-cfjp-qxcw | Packagist/lavalite/cms | LavaLite vulnerable to web cache poisoning | 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, ... | 2023-05-22T21:48:18.257684Z | No fix available |
Packagist - OSV