Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pgpf-m8m4-6cg6
  • Packagist/winter/wn-backend-module
Winter vulnerable to privilege escalation by authenticated backend users
Published: 16 hours ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-c4p7-rwrg-pf6p
  • Packagist/shopware/core
  • Packagist/shopware/platform
Shopware vulnerable to a potential take over of app credentials
Published: yesterday
  • Fix available
  • Severity - 8.9 (High)
GHSA-gqc5-xv7m-gcjq
  • Packagist/shopware/core
  • Packagist/shopware/platform
Shopware has user enumeration via distinct error codes on Store API login endpoint
Published: yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-7vvp-j573-5584
  • Packagist/shopware/core
  • Packagist/shopware/platform
Shopware: Unauthenticated data extraction possible through store-api.order endpoint
Published: yesterday
  • Fix available
  • Severity - 8.9 (High)
DRUPAL-CONTRIB-2026-029
  • Packagist:https://packages.drupal.org/8/drupal/unpublished_node_permissions
See record for full details
Published: yesterday
  • Fix available
DRUPAL-CONTRIB-2026-028
  • Packagist:https://packages.drupal.org/8/drupal/ai
See record for full details
Published: yesterday
  • Fix available
GHSA-g3hp-vvqf-8vw6
  • Packagist/craftcms/cms
Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page
Published: yesterday
  • Fix available
  • Severity - 1.8 (Low)
GHSA-fp5j-j7j4-mcxc
  • Packagist/craftcms/cms
CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Published: yesterday
  • Fix available
  • Severity - 8.1 (High)
GHSA-g7j6-fmwx-7vp8
  • Packagist/craftcms/cms
CraftCMS's `ElementSearchController` Affected by Blind SQL Injection
Published: 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-fvwq-45qv-xvhv
  • Packagist/craftcms/cms
CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization
Published: 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-xcwx-r2gw-w93m
  • Packagist/sylius/sylius
Sylius has a DQL Injection via API Order Filters
Published: 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-7mp4-25j8-hp5q
  • Packagist/sylius/sylius
Sylius has a Promotion Usage Limit Bypass via Race Condition
Published: 2 days ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-mx4q-xxc9-pf5q
  • Packagist/sylius/sylius
Sylius Vulnerable to Authenticated Stored XSS
Published: 2 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-vgh8-c6fp-7gcg
  • Packagist/sylius/sylius
Sylius has a XSS vulnerability in checkout login form
Published: 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wjmg-4cq5-m8hg
  • Packagist/sylius/sylius
Sylius is Missing Authorization in API v2 Add Item Endpoint
Published: 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-2xc6-348p-c2x6
  • Packagist/sylius/sylius
Sylius affected by IDOR in Cart and Checkout LiveComponents
Published: 2 days ago
  • Fix available
  • Severity - 7.1 (High)