OSV - Open Source Vulnerabilities

GHSA-hcch-w73c-jp4m

Packagist/statamic/cms

Statamic vulnerable to privilege escalation via stored cross-site scripting

11 hours ago

Fix available
Severity - 5.4 (Medium)

GHSA-r353-4845-pr5p

Packagist/simplesamlphp/xml-security

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

11 hours ago

Fix available
Severity - 8.2 (High)

GHSA-4v26-v6cg-g6f9

Packagist/robrichards/xmlseclibs

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

11 hours ago

Fix available
Severity - 8.2 (High)

GHSA-pgpf-m8m4-6cg6

Packagist/winter/wn-backend-module

Winter vulnerable to privilege escalation by authenticated backend users

yesterday

Fix available
Severity - 9.9 (Critical)

GHSA-c4p7-rwrg-pf6p

Packagist/shopware/core
Packagist/shopware/platform

Shopware vulnerable to a potential take over of app credentials

2 days ago

Fix available
Severity - 8.9 (High)

GHSA-gqc5-xv7m-gcjq

Packagist/shopware/core
Packagist/shopware/platform

Shopware has user enumeration via distinct error codes on Store API login endpoint

2 days ago

Fix available
Severity - 5.3 (Medium)

GHSA-7vvp-j573-5584

Packagist/shopware/core
Packagist/shopware/platform

Shopware: Unauthenticated data extraction possible through store-api.order endpoint

2 days ago

Fix available
Severity - 8.9 (High)

DRUPAL-CONTRIB-2026-029

Packagist:https://packages.drupal.org/8/drupal/unpublished_node_permissions

See record for full details

2 days ago

Fix available

DRUPAL-CONTRIB-2026-028

Packagist:https://packages.drupal.org/8/drupal/ai

See record for full details

2 days ago

Fix available

GHSA-g3hp-vvqf-8vw6

Packagist/craftcms/cms

Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page

2 days ago

Fix available
Severity - 1.8 (Low)

GHSA-fp5j-j7j4-mcxc

Packagist/craftcms/cms

CraftCMS has an RCE vulnerability via relational conditionals in the control panel

2 days ago

Fix available
Severity - 8.1 (High)

GHSA-g7j6-fmwx-7vp8

Packagist/craftcms/cms

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

3 days ago

Fix available
Severity - 8.7 (High)

GHSA-fvwq-45qv-xvhv

Packagist/craftcms/cms

CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization

3 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-xcwx-r2gw-w93m

Packagist/sylius/sylius

Sylius has a DQL Injection via API Order Filters

3 days ago

Fix available
Severity - 5.3 (Medium)

GHSA-7mp4-25j8-hp5q

Packagist/sylius/sylius

Sylius has a Promotion Usage Limit Bypass via Race Condition

3 days ago

Fix available
Severity - 8.2 (High)

GHSA-mx4q-xxc9-pf5q

Packagist/sylius/sylius

Sylius Vulnerable to Authenticated Stored XSS

3 days ago

Fix available
Severity - 4.8 (Medium)