Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-27gv-mg7w-mm34
  • Packagist/shopware/platform
 Shopware race condition bypasses voucher restrictions 11 hours ago
  • No fix available
  • Severity - 6.0 (Medium)
GHSA-4pcg-pjp5-3mc6
  • Packagist/concrete5/concrete5
 Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page 20 hours ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-c5xf-rmv4-j85h
  • Packagist/concrete5/concrete5
 Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page 20 hours ago
  • Fix available
  • Severity - 2.0 (Low)
GHSA-mrwc-mvr8-9xq5
  • Packagist/topthink/framework
 ThinkPHP Path Traversal Vulnerability yesterday
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-jxhh-4648-vpp3
  • Packagist/setasign/fpdi
 FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service yesterday
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-vf2r-cxg9-p7rf
  • Packagist/adodb/adodb-php
 The ADOdb sqlite3 driver allows SQL injection 2 days ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-2x2j-3c2v-g3c2
  • Packagist/microweber/microweber
 Microweber XSS Vulnerability in the homepage Endpoint 5 days ago
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-8357-fjvx-xrm8
  • Packagist/microweber/microweber
 Microweber has Reflected XSS Vulnerability in the id Parameter 5 days ago
  • No fix available
  • Severity - 6.1 (Medium)
GHSA-mvj3-hc7j-vp74
  • Packagist/microweber/microweber
 Microweber has Reflected XSS Vulnerability in the layout Parameter 5 days ago
  • No fix available
  • Severity - 6.1 (Medium)
GHSA-782f-gxj5-xvqc
  • Packagist/microweber/microweber
 Microweber Has Stored XSS Vulnerability in User Profile Fields 6 days ago
  • No fix available
  • Severity - 1.9 (Low)
GHSA-hq25-vp56-qr86
  • Packagist/bacula-web/bacula-web
 Bacula-web SQL Injection Vulnerability 29 Jul
  • Fix available
  • Severity - 8.1 (High)
GHSA-w832-w3p8-cw29
  • Packagist/z-push/z-push-dev
 z-push/z-push-dev SQL Injection Vulnerability 29 Jul
  • Fix available
  • Severity - 7.9 (High)
GHSA-9952-gv64-x94c
  • Packagist/codeigniter4/framework
 CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability 28 Jul
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-9jr9-8ff3-m894
  • npm/@haxtheweb/haxcms-nodejs
  • Packagist/elmsln/haxcms
 HAX CMS API Lacks Authorization Checks 25 Jul
  • Fix available
  • Severity - 8.3 (High)
GHSA-rc5f-3hfv-jxp2
  • Packagist/in2code/femanager
 Femanager extension for TYPO3 allows Insecure Direct Object Reference 22 Jul
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-x769-3cwv-f8hc
  • Packagist/in2code/powermail
 Powermail extension for TYPO3 allows Insecure Direct Object Reference 22 Jul
  • Fix available
  • Severity - 6.0 (Medium)
Load more...