OSV - Open Source Vulnerabilities

GHSA-rc5f-3hfv-jxp2

Packagist/in2code/femanager

Femanager extension for TYPO3 allows Insecure Direct Object Reference

2 days ago

Fix available
Severity - 5.3 (Medium)

GHSA-x769-3cwv-f8hc

Packagist/in2code/powermail

Powermail extension for TYPO3 allows Insecure Direct Object Reference

2 days ago

Fix available
Severity - 6.0 (Medium)

GHSA-54vw-f4xf-f92j

npm/@haxtheweb/haxcms-nodejs
Packagist/elmsln/haxcms

HAX CMS application pages vulnerable to clickjacking

3 days ago

Fix available
Severity - 4.3 (Medium)

GHSA-gq96-8w38-hhj2

Packagist/librenms/librenms

LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE

3 days ago

Fix available
Severity - 7.5 (High)

GHSA-49xw-hw94-fmv2

Packagist/dolibarr/dolibarr

Dolibarr has Remote Code Execution Vulnerability (Bypass)

3 days ago

No fix available
Severity - 8.8 (High)

GHSA-96c2-h667-9fxp

Packagist/marshmallow/nova-tiptap
Packagist/manogi/nova-tiptap

nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability

3 days ago

Fix available
Severity - 9.3 (Critical)

GHSA-r7q6-6fmq-mx4c

Packagist/simogeo/filemanager

Filemanager is vulnerable to Relative Path Traversal through filemanager.php

6 days ago

No fix available
Severity - 6.5 (Medium)

GHSA-m5hw-rhvr-f47c

Packagist/simogeo/filemanager

simogeo/filemanager arbitrary file upload vulnerability

6 days ago

No fix available
Severity - 9.8 (Critical)

GHSA-29cq-5w36-x7w3

Packagist/livewire/livewire

Livewire is vulnerable to remote command execution during component property update hydration

17 Jul

Fix available
Severity - 9.2 (Critical)

GHSA-jv7x-xhv2-p5v2

Packagist/binarytorch/larecipe

LaRecipe is vulnerable to Server-Side Template Injection attacks

14 Jul

Fix available
Severity - 10.0 (Critical)

GHSA-q745-cfqh-hcrw

Packagist/james-heinrich/phpthumb

phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function

11 Jul

No fix available
Severity - 4.9 (Medium)

GHSA-7pgw-q3qp-6pgq

Packagist/universal-omega/dynamic-page-list3

DynamicPageList3 vulnerability exposes hidden/suppressed usernames

10 Jul

Fix available
Severity - 8.7 (High)

GHSA-j4rj-fgcq-wmqp

Packagist/cockpit-hq/cockpit

Cockpit - Content Platform vulnerable to XSS through name or email argument names

04 Jul

Fix available
Severity - 5.1 (Medium)

GHSA-p85q-mww9-gwqf

Packagist/starcitizentools/short-description

Citizen Short Description stored XSS vulnerability through wikitext

03 Jul

Fix available
Severity - 8.6 (High)

GHSA-p9qc-8jjx-g8cg

Packagist/bolt/bolt

Bolt CMS vulnerable to authenticated remote code execution

03 Jul

No fix available
Severity - 7.5 (High)

GHSA-prmv-7r8c-794g

Packagist/starcitizentools/citizen-skin

Citizen vulnerable to Stored XSS through short descriptions

03 Jul

Fix available
Severity - 8.6 (High)