Vulnerability Database
Vulnerabilities
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-pgcq-8grm-5rx9 | Packagist/paymenter/paymenter | Paymenter has race condition in payWithCredit() that enables credit double-spend | 30 minutes ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-h8vq-8gpg-mhcg | Packagist/twig/twig | Twig: Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface` | 57 minutes ago | Fix available |
| GHSA-8x9c-rmqh-456c | Packagist/twig/twig | Twig: Sandbox `__toString()` policy bypass via `Traversable` in `join` and `replace` filters | 58 minutes ago | Fix available |
| GHSA-5v5v-ww74-355v | Packagist/twig/twig | Twig: Sandbox `__toString()` policy bypass via dynamic mapping keys | 58 minutes ago | Fix available |
| GHSA-p42q-9prx-q5wq | Packagist/twig/twig | Twig: Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php` | 59 minutes ago | Fix available |
| GHSA-5q4q-834j-g8g4 | Packagist/paymenter/paymenter | Paymenter has URL parameter injection that bypasses paid plan limits at checkout | 2 hours ago | Fix available; Severity - 8.5 (High) |
| GHSA-7mqq-4v55-88gh | Packagist/statamic/cms | Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors | 3 days ago | Fix available; Severity - 3.5 (Low) |
| GHSA-h77m-qrj7-jxcw | Packagist/statamic/cms | Statamic Vulnerable to CSV formula injection in form submission exports | 3 days ago | Fix available; Severity - 6.1 (Medium) |
| GHSA-v5c4-wcpj-x73m | Packagist/statamic/cms | Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding) | 3 days ago | Fix available; Severity - 4.9 (Medium) |
| GHSA-7vfx-4246-jcfh | Packagist/solidinvoice/solidinvoice | SolidInvoice: IDOR in LiveComponent allows same-company cross-user access to API tokens and notification transport settings | 3 days ago | Fix available; Severity - 8.9 (High) |
| GHSA-m92m-r54r-x8r2 | Packagist/statamic/cms | Statamic CMS's unsafe method invocation via collection sorting allows data destruction | 3 days ago | Fix available; Severity - 7.4 (High) |
| GHSA-2497-6pwj-pwg7 | Packagist/statamic/cms | Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources | 3 days ago | Fix available; Severity - 4.3 (Medium) |
| GHSA-x8g9-h984-pc36 | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option | 3 days ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-5g9f-cwwg-4p8g | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles | 3 days ago | Fix available; Severity - 3.0 (Low) |
| GHSA-2fmj-p74r-3wjm | Packagist/pontedilana/php-weasyprint | PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass) | 3 days ago | Fix available; Severity - 8.1 (High) |
| GHSA-mmj8-wcvw-6789 | Packagist/aimeos/pagible | Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy | 3 days ago | Fix available; Severity - 3.0 (Low) |
Packagist - OSV