OSV - Open Source Vulnerabilities

GHSA-cw7v-45wm-mcf2

Packagist/getkirby/cms

Kirby CMS has Persistent DoS via Malformed Image Upload

16 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-27qh-8cxx-2cr5

Packagist/aws/aws-sdk-php

AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

19 hours ago

Fix available
Severity - 7.7 (High)

GHSA-rf88-776r-rcq9

Packagist/saloonphp/saloon

Saloon has insecure deserialization in AccessTokenAuthenticator

20 hours ago

Fix available
Severity - 8.1 (High)

GHSA-2mfj-r695-5h9r

Packagist/dolibarr/dolibarr

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

21 hours ago

No fix available
Severity - 6.5 (Medium)

GHSA-f346-8rp3-4h9h

Packagist/miraheze/ts-portal

TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

23 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-gfhq-7499-f3f2

Packagist/miraheze/ts-portal

TSPortal: Any user can forge self-deletion requests for any account

23 hours ago

Fix available
Severity - 8.4 (High)

GHSA-4hp7-3wxg-cv9q

Packagist/statamic/cms

Statamic allows unauthorized content access through missing authorization in its revision controllers

yesterday

Fix available
Severity - 5.4 (Medium)

GHSA-gcqf-5x9f-hq7f

Packagist/statamic/cms

Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields

yesterday

Fix available
Severity - 6.5 (Medium)

GHSA-7f74-7q5w-hj4r

Packagist/statamic/cms

Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential

yesterday

Fix available
Severity - 6.1 (Medium)

GHSA-8vwx-ccf6-5wg2

Packagist/statamic/cms

Statamic's live preview token bypasses content protection for unrelated entries

yesterday

Fix available
Severity - 4.3 (Medium)

GHSA-3jg4-p23x-p4qx

Packagist/statamic/cms

Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag

yesterday

Fix available
Severity - 6.1 (Medium)

GHSA-cvh3-23vq-w7h4

Packagist/statamic/cms

Statamic's Markdown preview endpoint exposes sensitive user data

yesterday

Fix available
Severity - 6.5 (Medium)

GHSA-363v-5rh8-23wg

Packagist/wwbn/avideo

AVideo has Plaintext Video Password Storage

yesterday

No fix available
Severity - 9.1 (Critical)

GHSA-584p-rpvq-35vf

Packagist/wwbn/avideo

AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

yesterday

No fix available
Severity - 7.1 (High)

GHSA-fj74-qxj7-r3vc

Packagist/wwbn/avideo

AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query

yesterday

Fix available
Severity - 7.1 (High)

GHSA-f359-r3pv-2phf

Packagist/wwbn/avideo

AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

yesterday

No fix available
Severity - 5.3 (Medium)