Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-3rg7-wf37-54rm
  • Packagist/symfony/http-foundation
  • Packagist/symfony/symfony
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass 2 days ago
  • Fix available
  • Severity - 7.3 (High)
DRUPAL-CORE-2025-006
  • Packagist/drupal/core
See record for full details 2 days ago
  • Fix available
DRUPAL-CORE-2025-005
  • Packagist/drupal/core
See record for full details 2 days ago
  • Fix available
DRUPAL-CORE-2025-008
  • Packagist/drupal/core
See record for full details 2 days ago
  • Fix available
GHSA-4rwr-8c3m-55f6
  • Packagist/torrentpier/torrentpier
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter 4 days ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-qv78-c8hc-438r
  • Packagist/openmage/magento-lts
OpenMage vulnerable to XSS in Admin Notifications 03 Nov
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-g582-8vwr-68h2
  • Packagist/mantisbt/mantisbt
MantisBT unauthorized disclosure of private project column configuration 03 Nov
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-q747-c74m-69pr
  • Packagist/mantisbt/mantisbt
MantisBT lacks verification when changing a user's email address 03 Nov
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-r3jf-hm7q-qfw5
  • Packagist/mantisbt/mantisbt
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length 03 Nov
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-4v8w-gg5j-ph37
  • Packagist/mantisbt/mantisbt
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling 03 Nov
  • Fix available
  • Severity - 8.8 (High)
GHSA-g59r-24g3-h7cm
  • Packagist/statamic/cms
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation 30 Oct
  • Fix available
  • Severity - 8.0 (High)
GHSA-h72q-cq3w-h3wc
  • Packagist/drupal/civictheme
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS) 30 Oct
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-jqmq-fpwv-p925
  • Packagist/drupal/simple_oauth
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass 30 Oct
  • Fix available
  • Severity - 7.5 (High)
GHSA-x957-32v9-m7vg
  • Packagist/drupal/acquia_dam
Drupal Acquia DAM allows Forceful Browsing 30 Oct
  • Fix available
  • Severity - 7.5 (High)
GHSA-27fv-rpgj-4c6m
  • Packagist/drupal/currency
Drupal Currency allows Cross Site Request Forgery 30 Oct
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-27mc-9399-r9mx
  • Packagist/drupal/access_code
Drupal Access code allows Brute Force Attempts 30 Oct
  • Fix available
  • Severity - 6.3 (Medium)