Vulnerability Library

| ID | Packages | Summary | Affected versions | Published | Fix |
|---|---|---|---|---|---|
| GHSA-p572-p2rj-q5f4 | NuGet/Umbraco.Forms | Umbraco Forms components vulnerable to Stored Cross-site Scripting | 13.0.0, 12.0.0, 12.1.0, 12.1.0-rc1, 12.1.1, 12.1.2, 12.2.0, ... | 2024-05-28T20:40:31Z | Fix available |
| GHSA-j6cv-98jx-mrwr | PyPI/mocodo | Mocodo vulnerable to SQL injection in `/web/generate.php` | 2.0.0, 2.0.0rc1, 2.0.1, 2.0.10, 2.0.11, 2.0.12, 2.0.13, ... | 2024-05-28T20:20:37Z | Fix available |
| GHSA-fjr2-r2mp-484p | Packagist/simplesamlphp/simplesamlphp | SimpleSAMLphp signature validation bypass | v1.12.0, v1.13.0, v1.13.0-rc1, v1.13.0-rc2, v1.13.1, v1.13.2, v1.14.0, ... | 2024-05-28T19:29:37Z | Fix available |
| GHSA-7wh8-jrq7-p27f | Packagist/simplesamlphp/simplesamlphp | SimpleSAMLphp exposes credentials in session storage | 1.16.0, 1.16.1, 1.16.2 | 2024-05-28T18:28:53Z | Fix available |
| GHSA-v858-922f-fj9v | Packagist/simplesamlphp/simplesamlphp | SimpleSAMLphp Link Injection vulnerability | v1.12.0, v1.13.0, v1.13.0-rc1, v1.13.0-rc2, v1.13.1, v1.13.2, v1.14.0, ... | 2024-05-28T18:26:35Z | Fix available |
| GHSA-xc69-p8fc-m6m5 | Packagist/silverstripe/subsites | silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source) | 2.0.0, 2.0.1, 2.0.2, 2.1.0 | 2024-05-28T18:23:17Z | Fix available |
| GHSA-p2v5-xcqm-4fv6 | Packagist/silverstripe/taxonomy | silverstripe/taxonomy SQL Injection vulnerability | 1.3.0, 2.0.0 | 2024-05-28T17:29:03Z | Fix available |
| GHSA-55pp-293f-3365 | Packagist/silverstripe/userforms | silverstripe/userforms file upload exposure on UserForms module | 0.5.1, 1.0.1, 1.1.0-beta, 2.0.1, 2.0.1-rc1, 2.0.10, 2.0.2, ... | 2024-05-28T17:21:00Z | Fix available |
| GHSA-8fmj-33gw-g7pw | Go/github.com/stacklok/minder | Denial of service of Minder Server from maliciously crafted GitHub attestations | See details. | 2024-05-28T16:55:02Z | Fix available |
| GHSA-gx8m-f3mp-fg99 | Packagist/getformwork/formwork | formwork Cross-site scripting vulnerability in Markdown fields | 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, ... | 2024-05-28T16:54:31Z | Fix available |
| GO-2024-2572 | Go/cosmossdk.io/x/auth | Vesting account creation on blocked address in cosmossdk.io/x/auth | See details. | 2024-05-28T16:10:17Z | No fix available |
| GHSA-8c8q-2xw3-j869 | RubyGems/rack-contrib | rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter | 0.9.0, 0.9.2, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.0.39.g17d21b4, ... | 2024-05-28T15:48:43Z | Fix available |
| GHSA-g3hr-p86p-593h | Maven/org.openapitools:openapi-generator-online | OpenAPI Generator Online - Arbitrary File Read/Delete | 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, ... | 2024-05-28T15:47:57Z | Fix available |
| GHSA-7r3j-qmr4-jfpj | RubyGems/kaminari | Kaminari Insecure File Permissions Vulnerability | 0.15.0, 0.15.1, 0.16.0, 0.16.1 | 2024-05-28T15:47:00Z | Fix available |
| GHSA-wjg9-v8cf-f5q2 | Packagist/silverstripe/graphql | silverstripe/graphql Cross-Site Request Forgery vulnerability | 2.0.0, 2.0.1, 2.0.2 | 2024-05-28T13:13:11Z | Fix available |
| GHSA-265q-222x-52m6 | Packagist/silverstripe/framework | silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector | 4.0.0, 4.0.0-rc1, 4.0.0-rc2, 4.0.0-rc3, 4.0.1, 4.0.1-rc1, 4.0.2, ... | 2024-05-28T13:01:48Z | Fix available |