Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo
cocoapods
Composer
Go
hex
Maven
npm
NuGet
pip
pub
RubyGems
Swift
Unmanaged (C/C++)
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
VULNERABILITY
AFFECTS
TYPE
PUBLISHED
L
Cross-site Scripting (XSS)
pimcore/admin-ui-classic-bundle
<1.7.6
Composer
8 Apr 2025
M
Incorrect Authorization
drupal/core
<10.3.13
>=10.4.0, <10.4.3
>=11.0.0, <11.0.12
>=11.1.0, <11.1.3
Composer
6 Apr 2025
M
Cross-site Scripting (XSS)
drupal/core
<10.3.14
>=10.4.0, <10.4.5
>=11.0.0, <11.0.13
>=11.1.0, <11.1.5
Composer
6 Apr 2025
L
Improperly Controlled Modification of Dynamically-Determined Object Attributes
drupal/core
<10.3.13
>=10.4.0, <10.4.3
>=11.0.0, <11.0.12
>=11.1.0, <11.1.3
Composer
6 Apr 2025
M
Cross-site Scripting (XSS)
drupal/core
<10.3.13
>=10.4.0, <10.4.3
>=11.0.0, <11.0.12
>=11.1.0, <11.1.3
Composer
6 Apr 2025
H
Incorrect Behavior Order
api-platform/graphql
<4.0.22
Composer
4 Apr 2025
H
Incorrect Behavior Order
api-platform/core
<4.0.22
Composer
4 Apr 2025
H
Incorrect Authorization
api-platform/graphql
<4.0.22
Composer
4 Apr 2025
H
Incorrect Authorization
api-platform/core
<4.0.22
Composer
4 Apr 2025
M
Information Exposure
api-platform/core
>=3.2.0, <3.2.5
Composer
4 Apr 2025
M
Cross-site Request Forgery (CSRF)
concrete5/concrete5
<8.5.20
>=9.0.0RC1, <9.4.0RC2
Composer
3 Apr 2025
H
Server-side Request Forgery (SSRF)
spatie/browsershot
>=0.0.0
Composer
3 Apr 2025
M
Deserialization of Untrusted Data
yiisoft/yii2-dev
>=0.0.0
Composer
1 Apr 2025
M
Cross-site Scripting (XSS)
clickstorm/cs-seo
>=6.0.0, <6.7.0
>=7.0.0, <7.4.0
>=8.0.0, <8.3.0
>=9.0.0, <9.2.0
Composer
31 Mar 2025
M
Cross-site Scripting (XSS)
codingms/additional-tca
>=1.7.0, <1.15.17
>=1.16.0, <1.16.9
Composer
30 Mar 2025
M
Missing Authorization
tastyigniter/tastyigniter
<4.0.0
Composer
30 Mar 2025
M
Missing Authorization
tastyigniter/tastyigniter
<4.0.0-beta.1
Composer
25 Mar 2025
L
Omitted Break Statement in Switch
api-platform/core
>=3.3.8, <3.3.15
Composer
25 Mar 2025
H
External Control of Assumed-Immutable Web Parameter
sylius/paypal-plugin
<1.6.2
>=1.7.0, <1.7.2
>=2.0.0, <2.0.2
Composer
20 Mar 2025
M
Cross-site Scripting (XSS)
contao/core-bundle
>=4.0.0, <4.13.54
>=5.0.0, <5.3.30
>=5.4.0, <5.5.6
Composer
19 Mar 2025
M
Cross-site Scripting (XSS)
modx/revolution
>=0.0.0
Composer
18 Mar 2025
C
Deserialization of Untrusted Data
viames/pair
<2.0.0-beta
Composer
18 Mar 2025
M
Allocation of Resources Without Limits or Throttling
pocketmine/pocketmine-mp
<5.25.2
Composer
18 Mar 2025
H
External Control of Assumed-Immutable Web Parameter
sylius/paypal-plugin
<1.6.1
>=1.7.0, <1.7.1
>=2.0.0, <2.0.1
Composer
18 Mar 2025
M
Improper Neutralization
macropay-solutions/laravel-crud-wizard-free
<3.4.17
Composer
17 Mar 2025
M
Cross-site Scripting (XSS)
microweber/microweber
>=0.0.0
Composer
17 Mar 2025
H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
flarum/core
<1.8.10
Composer
17 Mar 2025
H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
flarum/framework
<1.8.10
Composer
17 Mar 2025
M
Improper Authentication
froxlor/froxlor
<2.2.6
Composer
17 Mar 2025
M
Cross-site Scripting (XSS)
froxlor/froxlor
<2.2.6
Composer
17 Mar 2025