OSV - Open Source Vulnerabilities

GHSA-w34w-fvp3-68xm

Packagist/yeswiki/yeswiki

Yeswiki Path Traversal vulnerability allows arbitrary read of files

19 hours ago

Fix available
Severity - 8.6 (High)

GHSA-2qph-q8xw-gv7q

Packagist/drupal/core

Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

yesterday

Fix available
Severity - 4.5 (Medium)

GHSA-m4wj-hhwj-47qp

Packagist/drupal/core

Drupal Core Cross-Site Scripting (XSS) Vulnerability

yesterday

Fix available
Severity - 1.3 (Low)

GHSA-wpp8-fjgf-pwc7

Packagist/drupal/core

Drupal Core Vulnerable to Forceful Browsing

yesterday

Fix available
Severity - 5.3 (Medium)

GHSA-xfqf-5rhg-5c73

Packagist/concrete5/concrete5

ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field

2 days ago

No fix available
Severity - 5.1 (Medium)

GHSA-24cf-848g-762c

Packagist/shopxo/shopxo

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS)

4 days ago

No fix available
Severity - 6.5 (Medium)

GHSA-gfhv-5rqh-7qx3

Packagist/shopxo/shopxo

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings

4 days ago

No fix available
Severity - 6.3 (Medium)

GHSA-p736-g6pg-hjhw

Packagist/shopxo/shopxo

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload

4 days ago

No fix available
Severity - 6.3 (Medium)

GHSA-v2rr-fhv8-mx74

Packagist/digimix/wp-svg-upload

wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting

26 Mar

No fix available
Severity - 4.8 (Medium)

GHSA-7287-grhx-542x

Packagist/pixelfed/pixelfed

Pixelfed may allow unauthorized actor to view private posts and private users

25 Mar

Fix available
Severity - 4.3 (Medium)

GHSA-7mxx-3cgm-xxv3

Packagist/api-platform/core

API Platform Core does not call GraphQl securityAfterResolver

24 Mar

Fix available
Severity - 4.4 (Medium)

GHSA-88m2-j94x-v4fx

Packagist/yiisoft/yii2-dev

yiisoft Yii2 Deserialization of Untrusted Data

24 Mar

No fix available
Severity - 5.3 (Medium)

GHSA-hxg4-65p5-9w37

Packagist/sylius/paypal-plugin

Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

19 Mar

Fix available
Severity - 6.5 (Medium)

GHSA-vmgw-24w6-9v82

Packagist/clickstorm/cs-seo

Clickstorm SEO Allows Cross-Site Scripting (XSS)

19 Mar

Fix available
Severity - 6.3 (Medium)

GHSA-rrh3-cgmx-w62f

Packagist/codingms/additional-tca

Additional TCA Allows Cross-Site Scripting (XSS)

19 Mar

Fix available
Severity - 5.5 (Medium)

GHSA-vqqr-fgmh-f626

Packagist/contao/core-bundle

Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads

18 Mar

Fix available
Severity - 4.8 (Medium)