OSV - Open Source Vulnerabilities

GHSA-x6vr-q3vf-vqgq

Packagist/redaxo/source

REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

2 days ago

Fix available
Severity - 6.1 (Medium)

GHSA-68q5-78xp-cwwc

Packagist/contao/core-bundle

Contao is vulnerable to cross-site scripting in templates

2 days ago

Fix available
Severity - 3.3 (Low)

GHSA-98vj-mm79-v77r

Packagist/contao/core-bundle

Contao is vulnerable to remote code execution in template closures

2 days ago

Fix available
Severity - 6.6 (Medium)

GHSA-vqc7-7fj4-3fm3

Packagist/redaxo/source

REDAXO CMS is vulnerable to XSS through its module management component

3 days ago

Fix available
Severity - 4.8 (Medium)

GHSA-xj9j-gjxg-7jvq

Packagist/redaxo/source

REDAXO CMS is vulnerable to RCE attack through its template management component

3 days ago

Fix available
Severity - 7.2 (High)

GHSA-7j46-f57w-76pj

Packagist/getformwork/formwork

Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

3 days ago

Fix available
Severity - 6.5 (Medium)

GHSA-8x9v-8qgj-945x

Packagist/snipe/snipe-it

Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow

20 Nov

No fix available
Severity - 5.2 (Medium)

GHSA-g6xh-wrpf-v6j6

Packagist/phppgadmin/phppgadmin

phppgadmin contains a SQL injection vulnerability

20 Nov

No fix available
Severity - 6.5 (Medium)

GHSA-r63p-v37q-g74c

Packagist/phppgadmin/phppgadmin

phppgadmin contains an incorrect access control vulnerability

20 Nov

No fix available
Severity - 6.1 (Medium)

GHSA-927w-vq5c-8gc3

Packagist/phppgadmin/phppgadmin

phppgadmin contains a SQL injection vulnerability

20 Nov

No fix available
Severity - 6.5 (Medium)

GHSA-h369-cpjj-qfff

Packagist/phppgadmin/phppgadmin

phppgadmin vulnerable to Cross-site Scripting

20 Nov

No fix available
Severity - 2.1 (Low)

GHSA-2jm2-2p35-rp3j

Packagist/devcode-it/openstamanager

OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter

19 Nov

Fix available
Severity - 8.8 (High)

GHSA-mwcc-7vpp-xmv9

Packagist/mongodb/mongodb-extension

MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory

19 Nov

Fix available
Severity - 6.9 (Medium)

GHSA-6pmj-xjxp-p8g9

Packagist/librenms/librenms

LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

18 Nov

No fix available
Severity - 5.5 (Medium)

GHSA-ffpg-gm3h-4p5p

Packagist/backdrop/backdrop

Backdrop CMS Host Header Injection vulnerability

18 Nov

No fix available
Severity - 6.9 (Medium)

GHSA-83v7-c2cf-p9c2

Packagist/drupal/core

Drupal core allows Forceful Browsing

18 Nov

Fix available
Severity - 2.7 (Low)