Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
VULNERABILITYAFFECTSTYPEPUBLISHED
  • M
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
shopxo/shopxo>=0.0.0Composer24 Feb 2025
  • M
Cross-site Scripting (XSS)
leantime/leantime<3.3Composer23 Feb 2025
  • L
Cross-site Scripting (XSS)
leantime/leantime<3.3Composer23 Feb 2025
  • M
Cross-site Scripting (XSS)
leantime/leantime<3.3.0Composer23 Feb 2025
  • L
Missing Authorization
leantime/leantime<3.3Composer23 Feb 2025
  • H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
leantime/leantime<3.1.2Composer23 Feb 2025
  • M
Cross-site Request Forgery (CSRF)
leantime/leantime<3.1.2Composer23 Feb 2025
  • M
Insufficiently Protected Credentials
leantime/leantime<3.3Composer23 Feb 2025
  • M
Cross-site Scripting (XSS)
leantime/leantime>=3.1.4, <3.3Composer23 Feb 2025
  • M
Cross-site Scripting (XSS)
leantime/leantime>=0.0.0Composer23 Feb 2025
  • M
Cross-site Scripting (XSS)
leantime/leantime<3.3Composer23 Feb 2025
  • H
Cross-site Scripting (XSS)
leantime/leantime<3.3Composer23 Feb 2025
  • C
Improper Authorization
magento/community-edition<2.4.4-p12>=2.4.5-p1, <2.4.5-p11>=2.4.6-p1, <2.4.6-p9>=2.4.7-beta1, <2.4.7-p4>=2.4.8-beta1, <2.4.8-beta2Composer20 Feb 2025
  • C
Improper Authorization
magento/project-community-edition>=0.0.0Composer20 Feb 2025
  • M
Cross-site Scripting (XSS)
alextselegidis/easyappointments>=0.0.0Composer16 Feb 2025
  • C
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
islandora/crayfish>=0.0.0Composer13 Feb 2025
  • M
Cross-site Scripting (XSS)
redaxo/source>=5.12.0-beta1, <5.18.2Composer12 Feb 2025
  • H
Information Exposure
opensource-workshop/connect-cms<1.8.4Composer9 Feb 2025
  • M
Access Control Bypass
opensource-workshop/connect-cms<1.8.7>=2.0.0, <2.4.7Composer9 Feb 2025
  • M
Cross-site Scripting (XSS)
mwdelaney/wp-enable-svg>=0.0.0Composer9 Feb 2025
  • M
Information Exposure
pimcore/admin-ui-classic-bundle<1.7.4Composer9 Feb 2025
  • H
Improper Restriction of Excessive Authentication Attempts
sylius/sylius>=0.0.0Composer7 Feb 2025
  • M
Cross-site Scripting (XSS)
phpoffice/phpspreadsheet<1.29.9>=2.0.0, <2.1.8>=2.2.0, <2.3.7>=3.0.0, <3.9.0Composer4 Feb 2025
  • H
Improper Input Validation
spatie/browsershot<5.0.5Composer4 Feb 2025
  • H
Arbitrary File Upload
cockpit-hq/cockpit<2.4.1Composer4 Feb 2025
  • H
Improper Input Validation
spatie/browsershot<5.0.5Composer4 Feb 2025
  • M
Cross-site Scripting (XSS)
backdrop/backdrop<1.30.0Composer3 Feb 2025
  • M
Cross-site Scripting (XSS)
backdrop/backdrop<1.30.0Composer3 Feb 2025
  • M
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
twig/twig>=3.16.0, <3.19.0Composer30 Jan 2025
  • M
External Control of File Name or Path
tcg/voyager>=0.0.0Composer30 Jan 2025