Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
  • H
Command Injection
Affects dreamfactory/df-core | Versions <1.0.10
Has fix
ComposerPublished 24 Dec 2025
  • H
Arbitrary File Upload
Affects cadmium-org/cadmium-cms | Versions >=0.0.0
Has fix
ComposerPublished 24 Dec 2025
  • M
Cross-site Scripting (XSS)
Affects simplemachines/smf | Versions >=0.0.0
Has fix
ComposerPublished 21 Dec 2025
  • M
CSV Injection
Affects thorsten/phpmyfaq | Versions <3.1.16
Has fix
ComposerPublished 19 Dec 2025
  • M
Cross-site Scripting (XSS)
Affects roundcube/roundcubemail | Versions <1.5.12>=1.6.0, <1.6.12
Has fix
ComposerPublished 19 Dec 2025
  • M
Improper Encoding or Escaping of Output
Affects roundcube/roundcubemail | Versions <1.5.12>=1.6.0, <1.6.12
Has fix
ComposerPublished 19 Dec 2025
  • M
Use of a Broken or Risky Cryptographic Algorithm
Affects aws/aws-sdk-php | Versions <3.368.0
Has fix
ComposerPublished 18 Dec 2025
  • H
Incorrect Authorization
Affects auth0/auth0-php | Versions >=8.0.0, <8.18.0
Has fix
ComposerPublished 18 Dec 2025
  • H
Authorization Bypass Through User-Controlled Key
Affects pagekit/pagekit | Versions >=0.8.8
Has fix
ComposerPublished 17 Dec 2025
  • C
Improper Authorization
Affects potsky/pimp-my-log | Versions >=0.0.0
Has fix
ComposerPublished 17 Dec 2025
  • M
Improper Verification of Cryptographic Signature
Affects altcha-org/altcha | Versions <1.3.1
Has fix
ComposerPublished 17 Dec 2025
  • M
Arbitrary File Upload
Affects soosyze/soosyze | Versions >=1.0.0-alpha1
Has fix
ComposerPublished 16 Dec 2025
  • M
Server-side Request Forgery (SSRF)
Affects getgrav/grav | Versions >=0.8.0
Has fix
ComposerPublished 16 Dec 2025
  • M
Cross-site Scripting (XSS)
Affects getgrav/grav | Versions >=0.8.0
Has fix
ComposerPublished 16 Dec 2025
  • H
Arbitrary File Upload
Affects elkarte/elkarte | Versions >=0.0.0
Has fix
ComposerPublished 14 Dec 2025
  • C
Incorrect Permission Assignment for Critical Resource
Affects xmo/mine-core | Versions >=0.0.0
Has fix
ComposerPublished 14 Dec 2025
  • M
PHP Remote File Inclusion
Affects fof/pretty-mail | Versions >=0.0.0
Has fix
ComposerPublished 14 Dec 2025
  • H
Improper Neutralization of Special Elements Used in a Template Engine
Affects fof/pretty-mail | Versions >=0.0.0
Has fix
ComposerPublished 14 Dec 2025
  • M
Cross-site Scripting (XSS)
Affects johnpbloch/wordpress-core | Versions <4.7.31>=4.8.0, <4.8.27>=4.9.0, <4.9.28>=5.0.0, <5.0.24>=5.1.0, <5.1.21>=5.2.0, <5.2.23>=5.3.0, <5.3.20>=5.4.0, <5.4.18>=5.5.0, <5.5.17>=5.6.0, <5.6.16>=5.7.0, <5.7.14>=5.8.0, <5.8.12>=5.9.0, <5.9.12>=6.0.0, <6.0.11>=6.1.0, <6.1.9>=6.2.0, <6.2.8>=6.3.0, <6.3.7>=6.4.0, <6.4.7>=6.5.0, <6.5.7>=6.6.0, <6.6.4>=6.7.0, <6.7.4>=6.8.0, <6.8.3
Has fix
ComposerPublished 12 Dec 2025
  • M
Missing Authorization
Affects azuracast/azuracast | Versions <0.23.2
Has fix
ComposerPublished 12 Dec 2025
  • M
Insertion of Sensitive Information Into Sent Data
Affects johnpbloch/wordpress-core | Versions >=4.7.0, <4.7.31>=4.8.0, <4.8.27>=4.9.0, <4.9.28>=5.0.0, <5.0.24>=5.1.0, <5.1.21>=5.2.0, <5.2.23>=5.3.0, <5.3.20>=5.4.0, <5.4.18>=5.5.0, <5.5.17>=5.6.0, <5.6.16>=5.7.0, <5.7.14>=5.8.0, <5.8.12>=5.9.0, <5.9.12>=6.0.0, <6.0.11>=6.1.0, <6.1.9>=6.2.0, <6.2.8>=6.3.0, <6.3.7>=6.4.0, <6.4.7>=6.5.0, <6.5.7>=6.6.0, <6.6.4>=6.7.0, <6.7.4>=6.8.0, <6.8.3
Has fix
ComposerPublished 12 Dec 2025
  • H
Arbitrary File Upload
Affects dotclear/dotclear | Versions <2.31
Has fix
ComposerPublished 12 Dec 2025
  • H
Uncaught Exception
Affects robrichards/xmlseclibs | Versions <3.1.4
Has fix
ComposerPublished 12 Dec 2025
  • H
Arbitrary File Upload
Affects apprain/apprain | Versions >=0.0.0
Has fix
ComposerPublished 11 Dec 2025
  • C
Unverified Password Change
Affects ibexa/user | Versions >=5.0.0-beta1, <5.0.4
Has fix
ComposerPublished 11 Dec 2025
  • C
Authentication Bypass Using an Alternate Path or Channel
Affects filament/filament | Versions >=4.0.0, <4.3.1
Has fix
ComposerPublished 10 Dec 2025
  • H
Cross-site Scripting (XSS)
Affects shopware/storefront | Versions >=6.4.6.0, <6.6.10.10>=6.7.0.0, <6.7.5.1
Has fix
ComposerPublished 10 Dec 2025
  • H
Arbitrary Code Injection
Affects neuron-core/neuron-ai | Versions >=2.8.11, <2.8.12
Has fix
ComposerPublished 10 Dec 2025
  • H
Execution with Unnecessary Privileges
Affects neuron-core/neuron-ai | Versions >=2.8.11, <2.8.12
Has fix
ComposerPublished 10 Dec 2025
  • M
Cross-site Scripting (XSS)
Affects getgrav/grav | Versions >=0.0.0
Has fix
ComposerPublished 5 Dec 2025