OSV - Open Source Vulnerabilities

GHSA-fpx3-h2pc-88vf

Packagist/nasirkhan/laravel-starter

Laravel Starter Cross Site Scripting (XSS)

yesterday

Fix available
Severity - 6.1 (Medium)

GHSA-847x-x4jg-6gf4

Packagist/croogo/croogo

croogo Host header injection

2 days ago

No fix available
Severity - 5.5 (Medium)

GHSA-w7gh-f2fm-9q8r

Packagist/pear/http_request2

PEAR HTTP_Request2 vulnerable to Cross-site Scripting

17 Apr

Fix available
Severity - 5.4 (Medium)

GHSA-qq2h-m2hj-hrff

Packagist/tcg/voyager

DevDojo Voyager Argument Injection vulnerability

14 Apr

No fix available
Severity - 9.1 (Critical)

GHSA-2xm2-23ff-p8ww

Packagist/verbb/formie

Formie has XSS vulnerability for email notification content for preview

11 Apr

Fix available
Severity - 4.6 (Medium)

GHSA-p9hh-mh5x-wvx3

Packagist/verbb/formie

Formie has XSS vulnerability for importing forms

11 Apr

Fix available
Severity - 5.3 (Medium)

GHSA-7r2v-8wxr-3ch5

Packagist/yiisoft/yii

Yii does not prevent XSS in scenarios where fallback error renderer is used

11 Apr

Fix available
Severity - 6.1 (Medium)

GHSA-256q-hx8w-xcqx

Packagist/silverstripe/framework

Silverstripe Framework user enumeration via timing attack on login and password reset forms

10 Apr

Fix available
Severity - 5.3 (Medium)

GHSA-rhx4-hvx9-j387

Packagist/silverstripe/framework

Silverstripe Framework has a XSS vulnerability in HTML editor

10 Apr

Fix available
Severity - 5.4 (Medium)

GHSA-x8xm-c7p8-2pj2

Packagist/dnadesign/silverstripe-elemental

Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report

10 Apr

Fix available
Severity - 5.4 (Medium)

GHSA-cj3w-g42v-wcj6

Packagist/ibexa/fieldtype-richtext

ibexa/fieldtype-richtext allows access to external entities in XML

10 Apr

Fix available
Severity - 7.1 (High)

GHSA-2jqj-5qv2-xvcg

Packagist/ezsystems/ezplatform-richtext

ezsystems/ezplatform-richtext allows access to external entities in XML

10 Apr

Fix available
Severity - 7.1 (High)

GHSA-ggwg-cmwp-46r5

Packagist/yiisoft/yii2

yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

10 Apr

Fix available
Severity - 9.0 (Critical)

GHSA-4h9w-7vfp-px8m

Packagist/shopware/core
Packagist/shopware/platform

Shopware default newsletter opt-in settings allow for mass sign-up abuse

09 Apr

Fix available
Severity - 2.7 (Low)

GHSA-5pm7-cp8f-p2c2

Packagist/wallabag/wallabag

wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

09 Apr

Fix available
Severity - 4.3 (Medium)

GHSA-44v2-prcf-pc3m

Packagist/joomla/database

Joomla Framework Database Package Vulnerable to SQL Injection

08 Apr

Fix available
Severity - 6.9 (Medium)