Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
VULNERABILITYAFFECTSTYPEPUBLISHED
  • H
Cross-site Scripting (XSS)
magento/community-edition<2.4.5-p14>=2.4.6, <2.4.6-p12>=2.4.7-beta1, <2.4.7-p7>=2.8.4-beta1, <2.8.4-p1Composer5 Sept 2025
  • H
Unverified Ownership
mautic/core-lib<5.2.8>=6.0.0-alpha, <6.0.5Composer3 Sept 2025
  • M
Observable Response Discrepancy
mautic/core-lib<5.2.8>=6.0.0-alpha, <6.0.5Composer3 Sept 2025
  • M
Server-side Request Forgery (SSRF)
mautic/core-lib<5.2.8>=6.0.0-alpha, <6.0.5Composer3 Sept 2025
  • L
Improper Restriction of Rendered UI Layers or Frames
boomcms/boom-core>=0.0.0Composer3 Sept 2025
  • H
Allocation of Resources Without Limits or Throttling
mikecao/flight<1.2Composer3 Sept 2025
  • C
Deserialization of Untrusted Data
prestashop/prestashop<8.2.1Composer3 Sept 2025
  • M
Incorrect Authorization
contao/core-bundle>=5.3.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/core-bundle>=4.9.14, <4.13.56>=5.0.0-RC1, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/comments-bundle>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Incorrect Authorization
contao/core-bundle>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1Composer29 Aug 2025
  • M
Cross-site Scripting (XSS)
moonshine/moonshine>=0.0.0, <3.12.6Composer28 Aug 2025
  • H
Arbitrary Code Injection
craftcms/cms>=4.0.0-RC1, <4.16.5>=5.0.0-RC1, <5.8.7Composer28 Aug 2025
  • M
Unrestricted Upload of File with Dangerous Type
moonshine/moonshine<3.12.5Composer28 Aug 2025
  • H
SQL Injection
alextselegidis/easyappointments>=0.0.0, <1.5.2Composer28 Aug 2025
  • M
SQL Injection
lee-to/moonshine-tree-resource<2.0.2Composer28 Aug 2025
  • H
Server-side Request Forgery (SSRF)
phpoffice/phpspreadsheet<1.30.0>=2.0.0, <2.1.12>=2.2.0, <2.4.0>=3.3.0, <3.10.0>=4.0.0, <5.0.0Composer27 Aug 2025
  • C
Arbitrary File Upload
badaso/core>=1.0.0-alpha.1Composer27 Aug 2025
  • M
Cross-site Scripting (XSS)
moonshine/moonshine<3.12.4Composer26 Aug 2025
  • M
CSV Injection
unopim/unopim<0.3.1Composer25 Aug 2025
  • H
Missing Authorization
unopim/unopim<0.3.1Composer25 Aug 2025
  • H
Cross-site Request Forgery (CSRF)
unopim/unopim<0.2.1Composer25 Aug 2025
  • H
Arbitrary File Upload
unopim/unopim<0.2.1Composer25 Aug 2025
  • H
Cross-site Scripting (XSS)
unopim/unopim<0.2.1Composer25 Aug 2025
  • M
Cross-site Scripting (XSS)
librenms/librenms<25.8.0Composer21 Aug 2025
  • M
Server-side Request Forgery (SSRF)
johnbillion/wp-crontrol>=1.17.0, <1.19.2Composer21 Aug 2025
  • M
Cross-site Scripting (XSS)
opencart/opencart>=2.2.0.0Composer20 Aug 2025
  • M
Cross-site Scripting (XSS)
opencart/opencart>=2.2.0.0Composer20 Aug 2025
  • H
Brute Force
soosyze/soosyze>=0.0.0Composer18 Aug 2025
  • H
Directory Traversal
studio-42/elfinder<2.1.66Composer13 Aug 2025