Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
VULNERABILITYAFFECTSTYPEPUBLISHED
  • M
Incorrect Authorization
contao/core-bundle>=5.3.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/core-bundle>=4.9.14, <4.13.56>=5.0.0-RC1, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/comments-bundle>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/core-bundle>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Cross-site Scripting (XSS)
moonshine/moonshine>=0.0.0Composer28 Aug 2025
  • H
Arbitrary Code Injection
craftcms/cms>=4.0.0-RC1, <4.16.5>=5.0.0-RC1, <5.8.7Composer28 Aug 2025
  • M
Unrestricted Upload of File with Dangerous Type
moonshine/moonshine<3.12.5Composer28 Aug 2025
  • H
SQL Injection
alextselegidis/easyappointments>=0.0.0Composer28 Aug 2025
  • M
SQL Injection
lee-to/moonshine-tree-resource<2.0.2Composer28 Aug 2025
  • H
Server-side Request Forgery (SSRF)
phpoffice/phpspreadsheet<1.30.0>=2.0.0, <2.1.12>=2.2.0, <2.4.0>=3.3.0, <3.10.0>=4.0.0, <5.0.0Composer27 Aug 2025
  • C
Arbitrary File Upload
badaso/core>=1.0.0-alpha.1Composer27 Aug 2025
  • M
Cross-site Scripting (XSS)
moonshine/moonshine<3.12.4Composer26 Aug 2025
  • M
CSV Injection
unopim/unopim<0.3.1Composer25 Aug 2025
  • H
Missing Authorization
unopim/unopim<0.3.1Composer25 Aug 2025
  • H
Cross-site Request Forgery (CSRF)
unopim/unopim<0.2.1Composer25 Aug 2025
  • H
Arbitrary File Upload
unopim/unopim<0.2.1Composer25 Aug 2025
  • H
Cross-site Scripting (XSS)
unopim/unopim<0.2.1Composer25 Aug 2025
  • M
Cross-site Scripting (XSS)
librenms/librenms<25.8.0Composer21 Aug 2025
  • M
Server-side Request Forgery (SSRF)
johnbillion/wp-crontrol>=1.17.0, <1.19.2Composer21 Aug 2025
  • M
Cross-site Scripting (XSS)
opencart/opencart>=2.2.0.0Composer20 Aug 2025
  • M
Cross-site Scripting (XSS)
opencart/opencart>=2.2.0.0Composer20 Aug 2025
  • H
Brute Force
soosyze/soosyze>=0.0.0Composer18 Aug 2025
  • H
Directory Traversal
studio-42/elfinder<2.1.66Composer13 Aug 2025
  • M
Cross-site Scripting (XSS)
enshrined/svg-sanitize<0.22.0Composer13 Aug 2025
  • H
Arbitrary File Upload
simogeo/filemanager>=0.0.0Composer12 Aug 2025
  • H
Arbitrary Code Injection
craftcms/cms>=4.13.8, <4.16.3>=5.5.8, <5.8.4Composer10 Aug 2025
  • M
Cross-site Scripting (XSS)
concrete5/concrete5<8.5.21>=9.0.0RC1, <9.4.3Composer8 Aug 2025
  • L
Cross-site Scripting (XSS)
concrete5/concrete5>=9.0.0RC1, <9.4.3Composer8 Aug 2025
  • C
Directory Traversal
topthink/framework>=0.0.0Composer8 Aug 2025
  • M
Cross-site Scripting (XSS)
microweber/microweber>=2.0.0Composer8 Aug 2025