OSV - Open Source Vulnerabilities

GHSA-hr7j-63v7-vj7g

Go/github.com/pterodactyl/wings
Packagist/pterodactyl/panel

Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

19 hours ago

Fix available
Severity - 7.5 (High)

GHSA-rfq9-4wcm-64gh

Packagist/directorytree/imapengine

ImapEngine affected by command injection via the ID command parameters

4 days ago

Fix available
Severity - 5.7 (Medium)

GHSA-78wq-6gcv-w28r

Packagist/idno/known

Known affected by Account Takeover via Password Reset Token Leakage

4 days ago

Fix available
Severity - 9.8 (Critical)

GHSA-r33w-fg8j-9c94

Packagist/cesargb/laravel-magiclink

MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution

5 days ago

Fix available
Severity - 8.8 (High)

GHSA-ff9r-ww9c-43x8

Packagist/statamic/cms

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

6 days ago

Fix available
Severity - 8.7 (High)

DRUPAL-CONTRIB-2026-010

Packagist:https://packages.drupal.org/8/drupal/ui_icons

See record for full details

6 days ago

Fix available

GHSA-gwmx-9gcj-332h

Packagist/statamic/cms

Statamic CMS's missing authorization allows access to assets

6 days ago

Fix available
Severity - 4.3 (Medium)

DRUPAL-CONTRIB-2026-009

Packagist:https://packages.drupal.org/8/drupal/quickedit

See record for full details

6 days ago

Fix available

GHSA-9278-6hcj-2p4j

Packagist/kimai/kimai

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

6 days ago

Fix available
Severity - 5.1 (Medium)

GHSA-8grv-jq2g-cfhw

Packagist/amphp/http-server

amphp/http-server affected by HTTP/2 DDoS vulnerability

10 Feb

Fix available
Severity - 5.3 (Medium)

GHSA-q4f2-39gr-45jh

Packagist/vrana/adminer

Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

10 Feb

Fix available
Severity - 7.5 (High)

GHSA-f339-246p-wwjp

Packagist/frosh/adminer-platform

FroshAdminer Adminer UI is accessible without admin session

10 Feb

Fix available
Severity - 6.9 (Medium)

GHSA-7jx7-3846-m7w7

Packagist/craftcms/cms

Craft CMS Vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

09 Feb

Fix available
Severity - 8.6 (High)

GHSA-fxp3-g6gw-4r4v

Packagist/craftcms/cms

Craft CMS: GraphQL Asset Mutation Privilege Escalation

09 Feb

Fix available
Severity - 8.6 (High)

GHSA-9f5h-mmq6-2x78

Packagist/craftcms/cms

Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields

09 Feb

Fix available
Severity - 4.8 (Medium)

GHSA-2453-mppf-46cj

Packagist/craftcms/cms

Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

09 Feb

Fix available
Severity - 8.7 (High)