OSV - Open Source Vulnerabilities

GHSA-fqx6-693c-f55g

Packagist/librenms/librenms

LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()

11 hours ago

Fix available
Severity - 5.4 (Medium)

GHSA-93fx-g747-695x

Packagist/librenms/librenms

LibreNMS /port-groups name Stored Cross-Site Scripting

11 hours ago

Fix available
Severity - 5.1 (Medium)

GHSA-5pqf-54qp-32wx

Packagist/librenms/librenms

LibreNMS /device-groups name Stored Cross-Site Scripting

11 hours ago

Fix available
Severity - 5.1 (Medium)

GHSA-g7vw-f8p5-c728

Packagist/pterodactyl/panel

Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

yesterday

Fix available
Severity - 9.2 (Critical)

GHSA-hr7j-63v7-vj7g

Go/github.com/pterodactyl/wings
Packagist/pterodactyl/panel

Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

yesterday

Fix available
Severity - 7.5 (High)

GHSA-78wq-6gcv-w28r

Packagist/idno/known

Known affected by Account Takeover via Password Reset Token Leakage

5 days ago

Fix available
Severity - 9.8 (Critical)

GHSA-r33w-fg8j-9c94

Packagist/cesargb/laravel-magiclink

MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution

6 days ago

Fix available
Severity - 8.8 (High)

GHSA-ff9r-ww9c-43x8

Packagist/statamic/cms

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

11 Feb

Fix available
Severity - 8.7 (High)

DRUPAL-CONTRIB-2026-010

Packagist:https://packages.drupal.org/8/drupal/ui_icons

See record for full details

11 Feb

Fix available

GHSA-gwmx-9gcj-332h

Packagist/statamic/cms

Statamic CMS's missing authorization allows access to assets

11 Feb

Fix available
Severity - 4.3 (Medium)

DRUPAL-CONTRIB-2026-009

Packagist:https://packages.drupal.org/8/drupal/quickedit

See record for full details

11 Feb

Fix available

GHSA-9278-6hcj-2p4j

Packagist/kimai/kimai

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

11 Feb

Fix available
Severity - 5.1 (Medium)

GHSA-gcpq-mrgg-v5f3

Packagist/phraseanet/phraseanet

Phraseanet vulnerable to stored cross-site scripting through crafted file names

11 Feb

No fix available
Severity - 5.1 (Medium)

GHSA-8grv-jq2g-cfhw

Packagist/amphp/http-server

amphp/http-server affected by HTTP/2 DDoS vulnerability

10 Feb

Fix available
Severity - 5.3 (Medium)

GHSA-q4f2-39gr-45jh

Packagist/vrana/adminer

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

10 Feb

Fix available
Severity - 7.5 (High)

GHSA-f339-246p-wwjp

Packagist/frosh/adminer-platform

FroshAdminer Adminer UI is accessible without admin session

10 Feb

Fix available
Severity - 6.9 (Medium)