Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
VULNERABILITYAFFECTSTYPEPUBLISHED
  • H
Arbitrary File Upload
hillelcoren/invoice-ninja<5.11.73Composer22 Sept 2025
  • H
Deserialization of Untrusted Data
snipe/snipe-it<8.1.18Composer22 Sept 2025
  • M
Cross-site Scripting (XSS)
snipe/snipe-it<8.1.18Composer22 Sept 2025
  • C
Improper Input Validation
magento/community-edition>=0.0.0Composer19 Sept 2025
  • C
Improper Input Validation
magento/project-community-edition>=0.0.0Composer19 Sept 2025
  • M
Cross-site Scripting (XSS)
zencart/zencart>=0.0.0Composer18 Sept 2025
  • M
SQL Injection
open-web-analytics/open-web-analytics<1.8.1Composer17 Sept 2025
  • L
Cross-site Scripting (XSS)
lavitto/typo3-form-to-database<2.2.5>=3.0.0, <3.2.2>=4.0.0, <4.2.3>=5.0.0, <5.0.2Composer17 Sept 2025
  • M
Cross-site Scripting (XSS)
yeswiki/yeswiki>=0.0.0Composer17 Sept 2025
  • M
Missing Authorization
typo3/cms-recordlist>=11.3.0Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-backend>=12.0.0, <12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Uncaught Exception
typo3/cms-backend>=11.3.0, <12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • H
Missing Authorization
typo3/cms-workspaces<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-workspaces<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-recycler<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-dashboard<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-beuser<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Missing Authorization
typo3/cms-backend<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Information Exposure
typo3/cms-core<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Insufficient Entropy
typo3/cms-core>=12.1.0, <12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Open Redirect
typo3/cms-core<12.4.37>=13.0.0, <13.4.18Composer15 Sept 2025
  • M
Authorization Bypass Through User-Controlled SQL Primary Key
intelliants/subrion>=0.0.0Composer15 Sept 2025
  • M
Improper Input Validation
datahihi1/tiny-env>=1.0.9, <1.0.11Composer15 Sept 2025
  • M
Improper Check or Handling of Exceptional Conditions
datahihi1/tiny-env<1.0.3>=1.0.9, <1.0.11Composer15 Sept 2025
  • H
Reliance on File Name or Extension of Externally-Supplied File
mahocommerce/maho<25.9.0Composer15 Sept 2025
  • H
Command Injection
nitsan/ns-backup<13.0.3Composer15 Sept 2025
  • M
SQL Injection
ricardomartins/pagbank-woocommerce<4.44.4Composer15 Sept 2025
  • M
Cross-site Scripting (XSS)
mautic/core-lib>=5.0.0-alpha, <5.2.8>=6.0.0-alpha, <6.0.5Composer8 Sept 2025
  • H
SQL Injection
tirreno/tirreno<0.9.6Composer8 Sept 2025
  • M
Cross-site Scripting (XSS)
apprain/apprain>=0.0.0Composer7 Sept 2025