OSV - Open Source Vulnerabilities

GHSA-q745-cfqh-hcrw

Packagist/james-heinrich/phpthumb

phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function

15 hours ago

No fix available
Severity - 4.9 (Medium)

GHSA-7pgw-q3qp-6pgq

Packagist/universal-omega/dynamic-page-list3

DynamicPageList3 vulnerability exposes hidden/suppressed usernames

yesterday

Fix available
Severity - 8.7 (High)

GHSA-j4rj-fgcq-wmqp

Packagist/cockpit-hq/cockpit

Cockpit - Content Platform vulnerable to XSS through name or email argument names

04 Jul

Fix available
Severity - 5.1 (Medium)

GHSA-p85q-mww9-gwqf

Packagist/starcitizentools/short-description

Citizen Short Description stored XSS vulnerability through wikitext

03 Jul

Fix available
Severity - 8.6 (High)

GHSA-p9qc-8jjx-g8cg

Packagist/bolt/bolt

Bolt CMS vulnerable to authenticated remote code execution

03 Jul

No fix available
Severity - 7.5 (High)

GHSA-prmv-7r8c-794g

Packagist/starcitizentools/citizen-skin

Citizen vulnerable to Stored XSS through short descriptions

03 Jul

Fix available
Severity - 8.6 (High)

GHSA-rq6g-6g94-jfr4

Packagist/starcitizentools/citizen-skin

starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions

03 Jul

Fix available
Severity - 8.6 (High)

GHSA-j64v-xh5w-8hqj

Packagist/microweber/microweber

Microweber CMS API has authenticated local file inclusion vulnerability

02 Jul

Fix available
Severity - 6.1 (Medium)

GHSA-jfj7-249r-7j2m

Packagist/starcitizentools/tabber-neue

TabberNeue vulnerable to Stored XSS through wikitext

27 Jun

Fix available
Severity - 8.6 (High)

GHSA-277f-37gw-9gmq

Packagist/billz/raspap-webgui

raspap-webgui has a Directory Traversal vulnerability

27 Jun

Fix available
Severity - 7.7 (High)

GHSA-mrph-pjv2-34f4

Packagist/juzaweb/cms

JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components

27 Jun

No fix available
Severity - 2.1 (Low)

GHSA-rq7x-cfmc-rq3w

Packagist/juzaweb/cms

JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component

27 Jun

No fix available
Severity - 2.1 (Low)

GHSA-cgvv-3455-824j

Packagist/moodle/moodle

Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter

24 Jun

Fix available
Severity - 4.2 (Medium)

GHSA-24wv-6c99-f843

Packagist/pterodactyl/panel

Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

19 Jun

Fix available
Severity - 10.0 (Critical)

GHSA-x3c7-22c8-prg7

Packagist/handcraftedinthealps/goodby-csv

handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution

13 Jun

Fix available
Severity - 3.9 (Low)

GHSA-9qv6-4pwm-m68f

Packagist/ibexa/fieldtype-richtext

Ibexa RichText Field Type XSS vulnerabilities in back office

13 Jun

Fix available
Severity - 6.1 (Medium)