Vulnerability Library

ID | Packages | Summary | Affected versions | Published | Fix
GHSA-346h-749j-r28w
  • Packagist/mdanter/ecc
PHPECC vulnerable to multiple cryptographic side-channel attacks
  • 0.2.0
  • v0.3.0
  • v0.3.1
  • v0.3.2
  • v0.4.0
  • v0.4.1
  • v0.4.2
  • ...
2024-04-25T18:31:58Z No fix available
GHSA-vjwg-28gv-pm8h
  • Packagist/pimcore/pimcore
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
  • v11.0.0
  • v11.0.0-ALPHA1
  • v11.0.0-ALPHA2
  • v11.0.0-ALPHA3
  • v11.0.0-ALPHA4
  • v11.0.0-ALPHA5
  • v11.0.0-ALPHA6
  • ...
2024-04-24T17:02:33Z Fix available
GHSA-qh9w-r7g5-q939
  • Packagist/zendframework/zendframework1
  • Packagist/zendframework/zend-db
  • Packagist/zendframework/zendframework
Zend Framework SQL injection vulnerability
  • 1.12.0
  • 1.12.1
  • 1.12.2
  • 1.12.3
  • 1.12.4
  • 1.12.5
  • 1.12.6
  • ...
2024-04-23T22:39:03Z Fix available
GHSA-297x-j9pm-xjgg
  • Packagist/drupal/core
  • Packagist/drupal/drupal
Drupal Core Remote Code Execution Vulnerability
  • 8.0.0
  • 8.0.0-beta10
  • 8.0.0-beta11
  • 8.0.0-beta12
  • 8.0.0-beta13
  • 8.0.0-beta14
  • 8.0.0-beta15
  • ...
2024-04-23T22:36:09Z Fix available
GHSA-mw82-6m2g-qh6c
  • Packagist/sylius/sylius
Sylius Cross Site Scripting (XSS) vulnerability
  • v0.1.0
  • v0.10.0
  • v0.11.0
  • v0.12.0
  • v0.13.0
  • v0.14.0
  • v0.15.0
  • ...
2024-04-22T21:31:00Z No fix available
GHSA-jh57-j3vq-h438
  • Packagist/librenms/librenms
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2024-04-22T18:37:35Z Fix available
GHSA-72m9-7c8x-pmmw
  • Packagist/librenms/librenms
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2024-04-22T18:37:27Z Fix available
GHSA-cwx6-cx7x-4q34
  • Packagist/librenms/librenms
LibreNMS vulnerable to SQL injection time-based leads to database extraction
  • 1.19
  • 1.20
  • 1.20.1
  • 1.21
  • 1.22
  • 1.22.01
  • 1.23
  • ...
2024-04-22T18:37:21Z Fix available
GHSA-mx3p-fhpw-x6rv
  • Packagist/tecnickcom/tcpdf
TCPDF vulnerable to Regular Expression Denial of Service
  • 6.0.013
  • 6.0.014
  • 6.0.015
  • 6.0.016
  • 6.0.017
  • 6.0.018
  • 6.0.019
  • ...
2024-04-19T18:31:11Z No fix available
GHSA-7947-48q7-cp5m
Dolibarr Application Home Page has HTML injection vulnerability
  • 18.0.4
2024-04-18T16:42:32Z No fix available
GHSA-6ppg-rgrg-f573
  • Packagist/dolibarr/dolibarr
Dolibarr vulnerable to Cross-Site Request Forgery
  • 10.0.0
  • 10.0.1
  • 10.0.2
  • 10.0.3
  • 10.0.4
  • 10.0.5
  • 10.0.6
  • ...
2024-04-17T00:30:57Z No fix available
GHSA-g9wg-98c2-qv3v
  • Packagist/tecnickcom/tcpdf
TCPDF Cross-site Scripting vulnerability
  • 6.0.013
  • 6.0.014
  • 6.0.015
  • 6.0.016
  • 6.0.017
  • 6.0.018
  • 6.0.019
  • ...
2024-04-15T06:30:35Z Fix available
GHSA-chcp-g9j5-3xxx
  • Packagist/winter/wn-dusk-plugin
Dusk plugin may allow unfettered user authentication in misconfigured installs
  • v2.0.0
2024-04-12T21:26:01Z Fix available
GHSA-mgv8-w49f-822w
  • Packagist/mautic/core
Mautic: MST-48 Server-Side Request Forgery in Asset section
  • 1.0.0
  • 1.0.0-beta4
  • 1.0.0-rc1
  • 1.0.0-rc2
  • 1.0.0-rc3
  • 1.0.0-rc4
  • 1.0.1
  • ...
2024-04-12T21:25:18Z Fix available
GHSA-qjx3-2g35-6hv8
  • Packagist/mautic/core
Mautic Sensitive Data Exposure due to inadequate user permission settings
  • 1.0.2
  • 1.0.3
  • 1.0.4
  • 1.0.5
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • ...
2024-04-12T17:28:52Z Fix available
GHSA-jj6w-2cqg-7p94
  • Packagist/mautic/core
Mautic SQL Injection in dynamic Reports
  • 2.14.1
  • 2.14.2
  • 2.14.2-beta
  • 2.15.0
  • 2.15.0-beta
  • 2.15.1
  • 2.15.1-beta
  • ...
2024-04-12T17:25:15Z Fix available