├── .editorconfig ├── .github └── workflows │ └── php.yaml ├── .gitignore ├── 3f └── pygmentize │ └── 2017-05-15.yaml ├── LICENSE ├── README.md ├── adodb └── adodb-php │ ├── 2018-03-06.yaml │ └── CVE-2016-4855.yaml ├── alterphp └── easyadmin-extension-bundle │ └── 2018-10-02.yaml ├── amphp ├── artax │ ├── 2017-05-09.yaml │ └── CVE-2016-5385.yaml ├── http-client │ ├── 2020-06-16.yaml │ └── CVE-2024-2653.yaml └── http │ ├── 2018-03-15.yaml │ └── CVE-2024-2653.yaml ├── api-platform └── core │ ├── CVE-2019-1000011.yaml │ └── CVE-2023-25575.yaml ├── asymmetricrypt └── asymmetricrypt │ └── 2017-11-20.yaml ├── aws └── aws-sdk-php │ ├── CVE-2015-5723.yaml │ └── CVE-2023-51651.yaml ├── brightlocal └── phpwhois │ └── CVE-2015-5243.yaml ├── brotkrueml ├── codehighlight │ ├── 2021-03-16-1.yaml │ └── 2021-11-10-1.yaml ├── schema │ └── CVE-2022-33154.yaml └── typo3-matomo-integration │ └── CVE-2022-33156.yaml ├── bugsnag └── bugsnag-laravel │ └── CVE-2016-5385.yaml ├── cakephp └── cakephp │ ├── 2014-04-29.yaml │ ├── 2015-05-07.yaml │ ├── 2015-05-28.yaml │ ├── 2015-08-06.yaml │ ├── 2015-11-05.yaml │ ├── 2018-05-20.yaml │ └── CVE-2019-11458.yaml ├── cart2quote └── module-quotation │ └── 2017-02-01.yaml ├── cartalyst └── sentry │ └── 2016-09-05.yaml ├── causal └── oidc │ ├── CVE-2024-30173.yaml │ └── CVE-2025-24856.yaml ├── clickstorm └── cs-seo │ ├── CVE-2025-30081.yaml │ └── CVE-2025-48203.yaml ├── codeception └── codeception │ └── CVE-2021-23420.yaml ├── codeigniter └── framework │ ├── 2015-10-31-1.yaml │ └── 2016-07-26-1.yaml ├── codeigniter4 └── framework │ ├── CVE-2022-21647.yaml │ ├── CVE-2022-21715.yaml │ ├── CVE-2022-23556.yaml │ ├── CVE-2022-24711.yaml │ ├── CVE-2022-24712.yaml │ ├── CVE-2022-39284.yaml │ └── CVE-2022-46170.yaml ├── codingms └── additional-tca │ └── CVE-2025-30083.yaml ├── composer.json ├── composer └── composer │ ├── CVE-2015-8371.yaml │ ├── CVE-2021-29472.yaml │ ├── CVE-2021-41116.yaml │ └── CVE-2022-24828.yaml ├── contao-components └── mediaelement │ 
└── CVE-2016-4567.yaml ├── contao ├── contao │ ├── CVE-2017-10993.yaml │ ├── CVE-2017-16558.yaml │ ├── CVE-2018-10125.yaml │ ├── CVE-2019-10641.yaml │ ├── CVE-2019-10642.yaml │ ├── CVE-2019-10643.yaml │ ├── CVE-2019-11512.yaml │ ├── CVE-2019-19712.yaml │ ├── CVE-2019-19714.yaml │ ├── CVE-2019-19745.yaml │ ├── CVE-2020-25768.yaml │ ├── CVE-2021-35210.yaml │ ├── CVE-2021-35955.yaml │ ├── CVE-2021-37626.yaml │ ├── CVE-2021-37627.yaml │ ├── CVE-2022-24899.yaml │ └── CVE-2023-29200.yaml ├── core-bundle │ ├── CVE-2017-10993.yaml │ ├── CVE-2017-16558.yaml │ ├── CVE-2018-10125.yaml │ ├── CVE-2019-10641.yaml │ ├── CVE-2019-10642.yaml │ ├── CVE-2019-10643.yaml │ ├── CVE-2019-11512.yaml │ ├── CVE-2019-19712.yaml │ ├── CVE-2019-19714.yaml │ ├── CVE-2019-19745.yaml │ ├── CVE-2020-25768.yaml │ ├── CVE-2021-35210.yaml │ ├── CVE-2021-35955.yaml │ ├── CVE-2021-37626.yaml │ ├── CVE-2021-37627.yaml │ ├── CVE-2022-24899.yaml │ └── CVE-2023-29200.yaml ├── core │ ├── 2014-02-13.yaml │ ├── 2014-04-07.yaml │ ├── CVE-2015-0269.yaml │ ├── CVE-2016-4567.yaml │ ├── CVE-2017-10993.yaml │ ├── CVE-2017-16558.yaml │ ├── CVE-2018-10125.yaml │ ├── CVE-2018-5478.yaml │ └── CVE-2019-10641.yaml └── listing-bundle │ └── CVE-2017-16558.yaml ├── datadog └── dd-trace │ └── 2019-09-26-1.yaml ├── david-garcia └── phpwhois │ └── CVE-2015-5243.yaml ├── derhansen └── fe_change_pwd │ └── CVE-2022-47406.yaml ├── directmailteam └── direct-mail │ └── CVE-2023-50461.yaml ├── dnadesign └── silverstripe-elemental │ └── CVE-2025-25197.yaml ├── doctrine ├── annotations │ └── CVE-2015-5723.yaml ├── cache │ └── CVE-2015-5723.yaml ├── common │ └── CVE-2015-5723.yaml ├── dbal │ ├── 2011-09-25.yaml │ └── CVE-2021-43608.yaml ├── doctrine-bundle │ └── CVE-2015-5723.yaml ├── doctrine-module │ └── 2013-05-16.yaml ├── mongodb-odm-bundle │ └── CVE-2015-5723.yaml ├── mongodb-odm │ └── CVE-2015-5723.yaml └── orm │ ├── 2011-09-25.yaml │ ├── 2021-04-06.yaml │ └── CVE-2015-5723.yaml ├── dompdf └── dompdf │ ├── CVE-2010-4879.yaml │ ├── 
CVE-2014-2383.yaml │ ├── CVE-2014-5011.yaml │ ├── CVE-2014-5012.yaml │ ├── CVE-2014-5013.yaml │ ├── CVE-2022-0085.yaml │ ├── CVE-2022-28368.yaml │ ├── CVE-2022-41343.yaml │ ├── CVE-2023-23924.yaml │ └── CVE-2023-50262.yaml ├── drupal ├── core │ ├── 2018-10-17-1.yaml │ ├── 2018-10-17-2.yaml │ ├── 2018-10-17-3.yaml │ ├── 2018-10-17-4.yaml │ ├── 2018-10-17-5.yaml │ ├── 2019-12-18-1.yaml │ ├── 2019-12-18-2.yaml │ ├── 2019-12-18-3.yaml │ ├── 2019-12-18-4.yaml │ ├── 2020-03-18.yaml │ ├── 2020-05-20-1.yaml │ ├── 2020-11-25.yaml │ ├── 2021-05-26.yaml │ ├── 2024-01-17.yaml │ ├── CVE-2016-3162.yaml │ ├── CVE-2016-3163.yaml │ ├── CVE-2016-3164.yaml │ ├── CVE-2016-3165.yaml │ ├── CVE-2016-3166.yaml │ ├── CVE-2016-3167.yaml │ ├── CVE-2016-3168.yaml │ ├── CVE-2016-3169.yaml │ ├── CVE-2016-3170.yaml │ ├── CVE-2016-3171.yaml │ ├── CVE-2016-5385.yaml │ ├── CVE-2016-6211.yaml │ ├── CVE-2016-6212.yaml │ ├── CVE-2016-7570.yaml │ ├── CVE-2016-7571.yaml │ ├── CVE-2016-7572.yaml │ ├── CVE-2016-9449.yaml │ ├── CVE-2016-9450.yaml │ ├── CVE-2016-9452.yaml │ ├── CVE-2017-6377.yaml │ ├── CVE-2017-6379.yaml │ ├── CVE-2017-6381.yaml │ ├── CVE-2017-6919.yaml │ ├── CVE-2017-6920.yaml │ ├── CVE-2017-6921.yaml │ ├── CVE-2017-6922.yaml │ ├── CVE-2017-6923.yaml │ ├── CVE-2017-6924.yaml │ ├── CVE-2017-6925.yaml │ ├── CVE-2017-6926.yaml │ ├── CVE-2017-6927.yaml │ ├── CVE-2017-6928.yaml │ ├── CVE-2017-6929.yaml │ ├── CVE-2017-6930.yaml │ ├── CVE-2017-6931.yaml │ ├── CVE-2017-6932.yaml │ ├── CVE-2018-7600.yaml │ ├── CVE-2018-7602.yaml │ ├── CVE-2018-9861.yaml │ ├── CVE-2019-10909.yaml │ ├── CVE-2019-11831.yaml │ ├── CVE-2019-6338.yaml │ ├── CVE-2019-6339.yaml │ ├── CVE-2019-6340.yaml │ ├── CVE-2019-6341.yaml │ ├── CVE-2019-6342.yaml │ ├── CVE-2020-13662.yaml │ ├── CVE-2020-13663.yaml │ ├── CVE-2020-13664.yaml │ ├── CVE-2020-13665.yaml │ ├── CVE-2020-13666.yaml │ ├── CVE-2020-13667.yaml │ ├── CVE-2020-13668.yaml │ ├── CVE-2020-13669.yaml │ ├── CVE-2020-13670.yaml │ ├── CVE-2020-13671.yaml │ ├── 
CVE-2020-13672.yaml │ ├── CVE-2021-33829.yaml │ ├── CVE-2022-25275.yaml │ ├── CVE-2022-25277.yaml │ └── CVE-2022-25278.yaml └── drupal │ ├── 2018-10-17-1.yaml │ ├── 2018-10-17-2.yaml │ ├── 2018-10-17-3.yaml │ ├── 2018-10-17-4.yaml │ ├── 2018-10-17-5.yaml │ ├── 2019-12-18-1.yaml │ ├── 2019-12-18-2.yaml │ ├── 2019-12-18-3.yaml │ ├── 2019-12-18-4.yaml │ ├── 2020-03-18.yaml │ ├── 2020-05-20-1.yaml │ ├── 2020-11-25.yaml │ ├── 2021-05-26.yaml │ ├── CVE-2016-3162.yaml │ ├── CVE-2016-3163.yaml │ ├── CVE-2016-3164.yaml │ ├── CVE-2016-3165.yaml │ ├── CVE-2016-3166.yaml │ ├── CVE-2016-3167.yaml │ ├── CVE-2016-3168.yaml │ ├── CVE-2016-3169.yaml │ ├── CVE-2016-3170.yaml │ ├── CVE-2016-3171.yaml │ ├── CVE-2016-5385.yaml │ ├── CVE-2016-6211.yaml │ ├── CVE-2016-6212.yaml │ ├── CVE-2016-7570.yaml │ ├── CVE-2016-7571.yaml │ ├── CVE-2016-7572.yaml │ ├── CVE-2016-9449.yaml │ ├── CVE-2016-9450.yaml │ ├── CVE-2016-9452.yaml │ ├── CVE-2017-6377.yaml │ ├── CVE-2017-6379.yaml │ ├── CVE-2017-6381.yaml │ ├── CVE-2017-6919.yaml │ ├── CVE-2017-6920.yaml │ ├── CVE-2017-6921.yaml │ ├── CVE-2017-6922.yaml │ ├── CVE-2017-6923.yaml │ ├── CVE-2017-6924.yaml │ ├── CVE-2017-6925.yaml │ ├── CVE-2017-6926.yaml │ ├── CVE-2017-6927.yaml │ ├── CVE-2017-6928.yaml │ ├── CVE-2017-6929.yaml │ ├── CVE-2017-6930.yaml │ ├── CVE-2017-6931.yaml │ ├── CVE-2017-6932.yaml │ ├── CVE-2018-7600.yaml │ ├── CVE-2018-7602.yaml │ ├── CVE-2018-9861.yaml │ ├── CVE-2019-10909.yaml │ ├── CVE-2019-11831.yaml │ ├── CVE-2019-6338.yaml │ ├── CVE-2019-6339.yaml │ ├── CVE-2019-6340.yaml │ ├── CVE-2019-6341.yaml │ ├── CVE-2019-6342.yaml │ ├── CVE-2020-13662.yaml │ ├── CVE-2020-13663.yaml │ ├── CVE-2020-13664.yaml │ ├── CVE-2020-13665.yaml │ ├── CVE-2020-13666.yaml │ ├── CVE-2020-13667.yaml │ ├── CVE-2020-13668.yaml │ ├── CVE-2020-13669.yaml │ ├── CVE-2020-13670.yaml │ ├── CVE-2020-13671.yaml │ ├── CVE-2020-13672.yaml │ └── CVE-2021-33829.yaml ├── elijaa └── phpmemcacheadmin │ ├── CVE-2023-6026.yaml │ └── CVE-2023-6027.yaml ├── endroid 
└── qr-code-bundle │ └── 2019-12-22.yaml ├── enshrined └── svg-sanitize │ └── CVE-2022-23638.yaml ├── erusev └── parsedown │ ├── CVE-2018-1000162.yaml │ └── CVE-2019-10905.yaml ├── ezsystems ├── demobundle │ └── 2020-04-21-1.yaml ├── ez-support-tools │ └── 2020-12-01-1.yaml ├── ezdemo-ls-extension │ └── 2020-04-21-1.yaml ├── ezfind-ls │ └── 2019-05-23-1.yaml ├── ezplatform-admin-ui-assets │ ├── 2019-07-04-1.yaml │ └── 2020-08-07-1.yaml ├── ezplatform-admin-ui │ ├── 2019-04-03-1.yaml │ └── CVE-2019-12139.yaml ├── ezplatform-kernel │ └── 2020-05-20-1.yaml ├── ezplatform-user │ └── 2019-04-03-1.yaml ├── ezplatform │ ├── 2019-06-27-1.yaml │ ├── 2019-09-03-1.yaml │ └── 2019-09-03-2.yaml ├── ezpublish-kernel │ ├── 2018-11-21-1.yaml │ ├── 2020-03-03-1.yaml │ └── 2020-05-20-1.yaml ├── ezpublish-legacy │ ├── 2017-09-11-1.yaml │ ├── 2018-02-26-1.yaml │ ├── 2018-10-31-1.yaml │ ├── 2018-11-01-1.yaml │ ├── 2018-11-21-1.yaml │ ├── 2020-03-03-1.yaml │ ├── 2020-10-05-1.yaml │ └── CVE-2017-1000431.yaml ├── platform-ui-assets-bundle │ └── 2020-08-07-1.yaml └── repository-forms │ └── 2018-11-20-1.yaml ├── ezyang └── htmlpurifier │ ├── CVE-2010-2479.yaml │ └── CVE-2010-4183.yaml ├── facade └── ignition │ └── CVE-2021-3129.yaml ├── firebase └── php-jwt │ ├── 2015-04-02.yaml │ └── CVE-2021-46743.yaml ├── fixpunkt ├── fp-masterquiz │ └── CVE-2022-47407.yaml └── fp-newsletter │ └── CVE-2022-47408.yaml ├── fooman └── tcpdf │ └── CVE-2018-17057.yaml ├── fossar └── tcpdf-parser │ └── CVE-2018-17057.yaml ├── frappant └── frp-form-answers │ └── CVE-2023-26091.yaml ├── friendsofsymfony ├── oauth2-php │ └── 2020-03-03-1.yaml ├── rest-bundle │ └── 2014-01-22-1.yaml └── user-bundle │ ├── 2012-07-10-1.yaml │ ├── 2012-07-10-2.yaml │ ├── 2014-09-04-1.yaml │ └── CVE-2013-5750.yaml ├── friendsofsymfony1 ├── swiftmailer │ └── CVE-2024-28859.yaml └── symfony1 │ ├── CVE-2024-28859.yaml │ └── CVE-2024-28861.yaml ├── friendsoftypo3 └── mediace │ └── CVE-2020-15086.yaml ├── fuel └── core │ ├── 
2016-06-29-1.yaml │ └── 2018-04-14-1.yaml ├── gos └── web-socket-bundle │ └── 2020-07-06-1.yaml ├── gree └── jose │ └── 2016-08-30.yaml ├── gregwar └── rst │ └── 2016-10-31.yaml ├── guzzlehttp ├── guzzle │ ├── CVE-2016-5385.yaml │ ├── CVE-2022-29248.yaml │ ├── CVE-2022-31042.yaml │ ├── CVE-2022-31043.yaml │ ├── CVE-2022-31090.yaml │ └── CVE-2022-31091.yaml └── psr7 │ ├── CVE-2022-24775.yaml │ └── CVE-2023-29197.yaml ├── illuminate ├── auth │ ├── 2014-04-15.yaml │ ├── CVE-2017-14775.yaml │ └── CVE-2017-9303.yaml ├── cookie │ ├── 2018-08-08-1.yaml │ └── 2020-07-27-1.yaml ├── database │ ├── 2014-05-20.yaml │ ├── 2021-01-21.yaml │ ├── 2021-04-28.yaml │ ├── CVE-2020-24940.yaml │ └── CVE-2021-21263.yaml ├── encryption │ └── 2018-03-30-1.yaml └── view │ ├── 2020-03-13-1.yaml │ └── CVE-2021-43808.yaml ├── in2code ├── femanager │ ├── CVE-2022-44543.yaml │ ├── CVE-2023-25013.yaml │ ├── CVE-2023-45023.yaml │ ├── CVE-2023-50459.yaml │ └── CVE-2025-48202.yaml ├── ipandlanguageredirect │ └── CVE-2023-35782.yaml ├── lux │ └── CVE-2022-35628.yaml └── powermail │ ├── CVE-2024-45232.yaml │ └── CVE-2024-47047.yaml ├── ivankristianto └── phpwhois │ └── CVE-2015-5243.yaml ├── james-heinrich └── getid3 │ └── CVE-2014-2053.yaml ├── joomla ├── archive │ ├── CVE-2021-26028.yaml │ └── CVE-2022-23793.yaml ├── filesystem │ └── CVE-2022-23794.yaml ├── filter │ └── CVE-2022-23800.yaml ├── input │ └── CVE-2022-23799.yaml └── session │ └── CVE-2015-8566.yaml ├── jsmitty12 └── phpwhois │ └── CVE-2015-5243.yaml ├── jweiland └── events2 │ └── CVE-2024-38874.yaml ├── kazist └── phpwhois │ └── CVE-2015-5243.yaml ├── klaviyo └── magento2-extension │ └── 2021-05-25-1.yaml ├── knplabs └── knp-snappy │ ├── CVE-2023-28115.yaml │ └── CVE-2023-41330.yaml ├── kreait └── firebase-php │ └── CVE-2018-1000025.yaml ├── la-haute-societe └── tcpdf │ └── CVE-2018-17057.yaml ├── laminas └── laminas-diactoros │ └── CVE-2022-31109.yaml ├── laravel ├── fortify │ └── CVE-2022-25838.yaml ├── framework │ ├── 2014-04-15.yaml 
│ ├── 2014-05-20.yaml │ ├── 2018-03-30-1.yaml │ ├── 2018-08-08-1.yaml │ ├── 2020-03-13-1.yaml │ ├── 2020-07-27-1.yaml │ ├── 2020-08-06-1.yaml │ ├── 2021-01-21.yaml │ ├── 2021-04-28.yaml │ ├── CVE-2017-14775.yaml │ ├── CVE-2017-9303.yaml │ ├── CVE-2021-21263.yaml │ ├── CVE-2021-43617.yaml │ ├── CVE-2021-43808.yaml │ ├── CVE-2024-13918.yaml │ ├── CVE-2024-13919.yaml │ └── CVE-2024-52301.yaml └── socialite │ ├── 2015-07-23.yaml │ └── 2015-08-03.yaml ├── lcobucci └── jwt │ └── CVE-2021-41106.yaml ├── league ├── commonmark │ ├── CVE-2018-20583.yaml │ └── CVE-2019-10010.yaml └── flysystem │ └── CVE-2021-32708.yaml ├── lexik └── jwt-authentication-bundle │ └── CVE-2021-21424.yaml ├── livewire └── livewire │ └── 2020-09-22-1.yaml ├── magento ├── magento1ce │ ├── 2017-02-07.yaml │ ├── 2018-06-29.yaml │ ├── 2018-11-28.yaml │ ├── CVE-2019-7139.yaml │ ├── CVE-2019-7849.yaml │ ├── CVE-2019-7875.yaml │ ├── CVE-2019-7882.yaml │ ├── CVE-2019-7887.yaml │ ├── CVE-2019-7889.yaml │ ├── CVE-2019-7897.yaml │ ├── CVE-2019-7898.yaml │ ├── CVE-2019-7899.yaml │ ├── CVE-2019-7909.yaml │ ├── CVE-2019-7911.yaml │ ├── CVE-2019-7932.yaml │ ├── CVE-2019-7934.yaml │ ├── CVE-2019-7935.yaml │ ├── CVE-2019-7938.yaml │ ├── CVE-2019-7940.yaml │ ├── CVE-2019-7944.yaml │ ├── CVE-2019-7945.yaml │ ├── CVE-2019-7947.yaml │ ├── CVE-2019-8114.yaml │ ├── CVE-2019-8123.yaml │ └── CVE-2019-8152.yaml ├── magento1ee │ ├── 2017-02-07.yaml │ ├── 2018-11-28.yaml │ ├── CVE-2019-7139.yaml │ ├── CVE-2019-7849.yaml │ ├── CVE-2019-7875.yaml │ ├── CVE-2019-7882.yaml │ ├── CVE-2019-7887.yaml │ ├── CVE-2019-7889.yaml │ ├── CVE-2019-7897.yaml │ ├── CVE-2019-7898.yaml │ ├── CVE-2019-7899.yaml │ ├── CVE-2019-7909.yaml │ ├── CVE-2019-7911.yaml │ ├── CVE-2019-7932.yaml │ ├── CVE-2019-7934.yaml │ ├── CVE-2019-7935.yaml │ ├── CVE-2019-7938.yaml │ ├── CVE-2019-7940.yaml │ ├── CVE-2019-7944.yaml │ ├── CVE-2019-7945.yaml │ ├── CVE-2019-7947.yaml │ ├── CVE-2019-8114.yaml │ ├── CVE-2019-8123.yaml │ └── CVE-2019-8152.yaml └── 
product-community-edition │ ├── 2018-06-27.yaml │ ├── 2018-09-10.yaml │ ├── 2018-11-28.yaml │ ├── CVE-2016-6485.yaml │ ├── CVE-2019-7139.yaml │ ├── CVE-2019-7846.yaml │ ├── CVE-2019-7849.yaml │ ├── CVE-2019-7850.yaml │ ├── CVE-2019-7851.yaml │ ├── CVE-2019-7852.yaml │ ├── CVE-2019-7853.yaml │ ├── CVE-2019-7854.yaml │ ├── CVE-2019-7855.yaml │ ├── CVE-2019-7857.yaml │ ├── CVE-2019-7858.yaml │ ├── CVE-2019-7859.yaml │ ├── CVE-2019-7860.yaml │ ├── CVE-2019-7861.yaml │ ├── CVE-2019-7862.yaml │ ├── CVE-2019-7863.yaml │ ├── CVE-2019-7864.yaml │ ├── CVE-2019-7865.yaml │ ├── CVE-2019-7866.yaml │ ├── CVE-2019-7867.yaml │ ├── CVE-2019-7868.yaml │ ├── CVE-2019-7869.yaml │ ├── CVE-2019-7871.yaml │ ├── CVE-2019-7872.yaml │ ├── CVE-2019-7873.yaml │ ├── CVE-2019-7874.yaml │ ├── CVE-2019-7875.yaml │ ├── CVE-2019-7876.yaml │ ├── CVE-2019-7877.yaml │ ├── CVE-2019-7880.yaml │ ├── CVE-2019-7881.yaml │ ├── CVE-2019-7882.yaml │ ├── CVE-2019-7885.yaml │ ├── CVE-2019-7886.yaml │ ├── CVE-2019-7887.yaml │ ├── CVE-2019-7888.yaml │ ├── CVE-2019-7889.yaml │ ├── CVE-2019-7890.yaml │ ├── CVE-2019-7892.yaml │ ├── CVE-2019-7895.yaml │ ├── CVE-2019-7896.yaml │ ├── CVE-2019-7897.yaml │ ├── CVE-2019-7898.yaml │ ├── CVE-2019-7899.yaml │ ├── CVE-2019-7903.yaml │ ├── CVE-2019-7904.yaml │ ├── CVE-2019-7908.yaml │ ├── CVE-2019-7909.yaml │ ├── CVE-2019-7911.yaml │ ├── CVE-2019-7912.yaml │ ├── CVE-2019-7913.yaml │ ├── CVE-2019-7915.yaml │ ├── CVE-2019-7921.yaml │ ├── CVE-2019-7923.yaml │ ├── CVE-2019-7925.yaml │ ├── CVE-2019-7926.yaml │ ├── CVE-2019-7927.yaml │ ├── CVE-2019-7928.yaml │ ├── CVE-2019-7929.yaml │ ├── CVE-2019-7930.yaml │ ├── CVE-2019-7932.yaml │ ├── CVE-2019-7934.yaml │ ├── CVE-2019-7935.yaml │ ├── CVE-2019-7936.yaml │ ├── CVE-2019-7937.yaml │ ├── CVE-2019-7938.yaml │ ├── CVE-2019-7939.yaml │ ├── CVE-2019-7940.yaml │ ├── CVE-2019-7942.yaml │ ├── CVE-2019-7944.yaml │ ├── CVE-2019-7945.yaml │ ├── CVE-2019-7947.yaml │ ├── CVE-2019-7950.yaml │ ├── CVE-2019-7951.yaml │ ├── CVE-2019-8090.yaml │ ├── 
CVE-2019-8092.yaml │ ├── CVE-2019-8093.yaml │ ├── CVE-2019-8107.yaml │ ├── CVE-2019-8108.yaml │ ├── CVE-2019-8109.yaml │ ├── CVE-2019-8110.yaml │ ├── CVE-2019-8111.yaml │ ├── CVE-2019-8112.yaml │ ├── CVE-2019-8113.yaml │ ├── CVE-2019-8114.yaml │ ├── CVE-2019-8115.yaml │ ├── CVE-2019-8116.yaml │ ├── CVE-2019-8117.yaml │ ├── CVE-2019-8118.yaml │ ├── CVE-2019-8119.yaml │ ├── CVE-2019-8120.yaml │ ├── CVE-2019-8121.yaml │ ├── CVE-2019-8122.yaml │ ├── CVE-2019-8123.yaml │ ├── CVE-2019-8124.yaml │ ├── CVE-2019-8126.yaml │ ├── CVE-2019-8127.yaml │ ├── CVE-2019-8128.yaml │ ├── CVE-2019-8129.yaml │ ├── CVE-2019-8130.yaml │ ├── CVE-2019-8131.yaml │ ├── CVE-2019-8132.yaml │ ├── CVE-2019-8133.yaml │ ├── CVE-2019-8134.yaml │ ├── CVE-2019-8135.yaml │ ├── CVE-2019-8136.yaml │ ├── CVE-2019-8137.yaml │ ├── CVE-2019-8138.yaml │ ├── CVE-2019-8139.yaml │ ├── CVE-2019-8140.yaml │ ├── CVE-2019-8141.yaml │ ├── CVE-2019-8142.yaml │ ├── CVE-2019-8143.yaml │ ├── CVE-2019-8144.yaml │ ├── CVE-2019-8145.yaml │ ├── CVE-2019-8146.yaml │ ├── CVE-2019-8147.yaml │ ├── CVE-2019-8148.yaml │ ├── CVE-2019-8149.yaml │ ├── CVE-2019-8150.yaml │ ├── CVE-2019-8151.yaml │ ├── CVE-2019-8152.yaml │ ├── CVE-2019-8153.yaml │ ├── CVE-2019-8154.yaml │ ├── CVE-2019-8156.yaml │ ├── CVE-2019-8157.yaml │ ├── CVE-2019-8158.yaml │ ├── CVE-2019-8159.yaml │ └── CVE-2024-34102.yaml ├── matyhtf └── framework │ └── CVE-2021-43676.yaml ├── mautic └── core │ ├── CVE-2020-35124.yaml │ ├── CVE-2020-35125.yaml │ ├── CVE-2021-27908.yaml │ ├── CVE-2021-27909.yaml │ ├── CVE-2021-27910.yaml │ ├── CVE-2021-27911.yaml │ ├── CVE-2021-27912.yaml │ ├── CVE-2021-27913.yaml │ └── CVE-2021-3142.yaml ├── mdanter └── ecc │ ├── 2024-04-24.yaml │ └── CVE-2024-33851.yaml ├── mediawiki ├── core │ ├── CVE-2018-0503.yaml │ ├── CVE-2018-0504.yaml │ ├── CVE-2018-0505.yaml │ ├── CVE-2018-13258.yaml │ ├── CVE-2019-12466.yaml │ ├── CVE-2019-12467.yaml │ ├── CVE-2019-12468.yaml │ ├── CVE-2019-12469.yaml │ ├── CVE-2019-12470.yaml │ ├── CVE-2019-12471.yaml │ 
├── CVE-2019-12472.yaml │ ├── CVE-2019-12473.yaml │ ├── CVE-2019-12474.yaml │ ├── CVE-2019-16738.yaml │ ├── CVE-2019-19709.yaml │ ├── CVE-2020-10959.yaml │ ├── CVE-2020-10960.yaml │ ├── CVE-2020-25812.yaml │ ├── CVE-2020-25813.yaml │ ├── CVE-2020-25814.yaml │ ├── CVE-2020-25815.yaml │ ├── CVE-2020-25827.yaml │ └── CVE-2020-25828.yaml └── semantic-media-wiki │ └── CVE-2022-48614.yaml ├── microsoft ├── microsoft-graph-core │ └── CVE-2023-49283.yaml └── microsoft-graph │ └── CVE-2023-49282.yaml ├── microweber └── microweber │ └── CVE-2023-6566.yaml ├── monolog └── monolog │ └── 2014-12-29-1.yaml ├── mustache └── mustache │ └── CVE-2022-0323.yaml ├── namshi └── jose │ ├── 2015-02-19.yaml │ └── 2015-03-10.yaml ├── nategood └── httpful │ └── 2024-05-01.yaml ├── neos ├── flow │ ├── 2012-03-28.yaml │ ├── 2015-11-23.yaml │ ├── 2016-11-01.yaml │ ├── 2017-04-12.yaml │ └── CVE-2013-7082.yaml ├── form │ └── CVE-2021-32697.yaml ├── neos │ ├── 2015-03-28.yaml │ ├── 2015-11-23.yaml │ ├── 2019-06-17.yaml │ └── CVE-2022-30429.yaml └── swiftmailer │ └── 2017-01-06.yaml ├── nette ├── application │ └── CVE-2020-15227.yaml └── nette │ └── CVE-2020-15227.yaml ├── nitsan └── ns-backup │ └── CVE-2025-48201.yaml ├── nyholm └── psr7 │ └── 2023-04-17.yaml ├── nystudio107 └── craft-seomatic │ └── 2020-04-28-1.yaml ├── nzo └── url-encryptor-bundle │ └── 2020-05-03.yaml ├── onelogin └── php-saml │ ├── 2017-02-28.yaml │ └── CVE-2016-1000253.yaml ├── oneup └── uploader-bundle │ └── CVE-2020-5237.yaml ├── openid └── php-openid │ └── CVE-2013-4701.yaml ├── oro ├── crm │ └── 2015-07-08.yaml └── platform │ └── 2015-07-08.yaml ├── padraic └── humbug_get_contents │ └── CVE-2016-5385.yaml ├── pagarme └── pagarme-php │ └── 2017-11-20.yaml ├── paragonie ├── ecc │ └── CVE-2024-33851.yaml └── random_compat │ └── 2016-03-16.yaml ├── passbolt └── passbolt_api │ ├── 2019-02-11-1.yaml │ ├── 2019-02-11-2.yaml │ ├── 2019-02-11-3.yaml │ ├── 2019-08-07-1.yaml │ ├── 2019-08-07-2.yaml │ ├── 2019-08-07-3.yaml │ └── 
CVE-2017-1000442.yaml ├── paypal └── merchant-sdk-php │ └── CVE-2017-6099.yaml ├── pear └── archive_tar │ ├── CVE-2018-1000888.yaml │ ├── CVE-2020-28949.yaml │ └── CVE-2020-36193.yaml ├── phpbb └── phpbb │ └── CVE-2020-8226.yaml ├── phpmailer └── phpmailer │ ├── CVE-2015-8476.yaml │ ├── CVE-2016-10033.yaml │ ├── CVE-2016-10045.yaml │ ├── CVE-2017-11503.yaml │ ├── CVE-2017-5223.yaml │ ├── CVE-2018-19296.yaml │ ├── CVE-2020-36326.yaml │ ├── CVE-2021-34551.yaml │ └── CVE-2021-3603.yaml ├── phpmyadmin └── phpmyadmin │ ├── CVE-2020-10802.yaml │ ├── CVE-2020-10803.yaml │ ├── CVE-2020-10804.yaml │ ├── CVE-2020-26934.yaml │ ├── CVE-2020-26935.yaml │ └── CVE-2020-5504.yaml ├── phpoffice ├── phpexcel │ ├── CVE-2015-3542.yaml │ └── CVE-2018-19277.yaml └── phpspreadsheet │ ├── CVE-2018-19277.yaml │ ├── CVE-2019-12331.yaml │ └── CVE-2020-7776.yaml ├── phpseclib └── phpseclib │ ├── CVE-2021-30130.yaml │ ├── CVE-2023-27560.yaml │ ├── CVE-2023-49316.yaml │ ├── CVE-2024-27354.yaml │ └── CVE-2024-27355.yaml ├── phpunit └── phpunit │ └── CVE-2017-9841.yaml ├── phpwhois └── phpwhois │ └── CVE-2015-5243.yaml ├── phpxmlrpc ├── extras │ └── 2017-10-29.yaml └── phpxmlrpc │ ├── 2022-11-28-1.yaml │ └── 2022-11-28-2.yaml ├── propel ├── propel │ └── 2018-02-14.yaml └── propel1 │ └── 2018-02-14.yaml ├── pusher └── pusher-php-server │ └── 2015-05-13.yaml ├── react └── http │ ├── CVE-2022-36032.yaml │ └── CVE-2023-26044.yaml ├── renolit └── reint-downloadmanager │ └── CVE-2025-48207.yaml ├── rmccue └── requests │ └── CVE-2021-29476.yaml ├── robrichards └── xmlseclibs │ ├── 2018-09-27.yaml │ └── CVE-2019-3465.yaml ├── rudloff └── alltube │ ├── CVE-2022-0692.yaml │ ├── CVE-2022-0768.yaml │ └── CVE-2022-24739.yaml ├── sabberworm └── php-css-parser │ └── CVE-2020-13756.yaml ├── sabre └── dav │ ├── CVE-2013-1939.yaml │ └── CVE-2014-2055.yaml ├── scheb └── two-factor-bundle │ ├── 2018-07-08.yaml │ └── 2019-12-19.yaml ├── sensiolabs └── connect │ └── 2018-06-08-1.yaml ├── serluck └── phpwhois │ └── 
CVE-2015-5243.yaml ├── shopware └── shopware │ ├── 2017-01-24.yaml │ ├── 2017-01-25.yaml │ ├── 2017-06-22.yaml │ ├── 2018-01-22.yaml │ └── CVE-2016-3109.yaml ├── silverstripe ├── admin │ ├── CVE-2021-36150.yaml │ ├── CVE-2022-38146.yaml │ ├── CVE-2023-49783.yaml │ ├── SS-2018-004-1.yaml │ ├── SS-2023-001.yaml │ └── SS-2023-002.yaml ├── assets │ ├── CVE-2019-12245.yaml │ ├── CVE-2020-9280.yaml │ ├── CVE-2022-29858.yaml │ ├── CVE-2022-38147.yaml │ └── CVE-2022-38724.yaml ├── cms │ ├── CVE-2022-37421.yaml │ ├── SS-2015-003-1.yaml │ ├── SS-2015-005-1.yaml │ └── SS-2015-008-1.yaml ├── comments │ └── SS-2018-015-1.yaml ├── forum │ └── SS-2015-017-1.yaml ├── framework │ ├── CVE-2019-12203.yaml │ ├── CVE-2019-12204.yaml │ ├── CVE-2019-12205.yaml │ ├── CVE-2019-12246.yaml │ ├── CVE-2019-12617.yaml │ ├── CVE-2019-14272.yaml │ ├── CVE-2019-14273.yaml │ ├── CVE-2019-16409.yaml │ ├── CVE-2019-19325.yaml │ ├── CVE-2019-19326.yaml │ ├── CVE-2019-5715.yaml │ ├── CVE-2020-26138.yaml │ ├── CVE-2020-6164.yaml │ ├── CVE-2020-9311.yaml │ ├── CVE-2021-25817.yaml │ ├── CVE-2021-41559.yaml │ ├── CVE-2022-25238.yaml │ ├── CVE-2022-28803.yaml │ ├── CVE-2022-37429.yaml │ ├── CVE-2022-37430.yaml │ ├── CVE-2022-38148.yaml │ ├── CVE-2022-38462.yaml │ ├── CVE-2022-38724.yaml │ ├── CVE-2023-22728.yaml │ ├── CVE-2023-22729.yaml │ ├── CVE-2023-32302.yaml │ ├── CVE-2023-48714.yaml │ ├── CVE-2024-32981.yaml │ ├── CVE-2024-47605.yaml │ ├── CVE-2024-53277.yaml │ ├── CVE-2025-30148.yaml │ ├── SS-2014-015-1.yaml │ ├── SS-2014-017-1.yaml │ ├── SS-2015-004-1.yaml │ ├── SS-2015-006-1.yaml │ ├── SS-2015-007-1.yaml │ ├── SS-2015-009-1.yaml │ ├── SS-2015-010-1.yaml │ ├── SS-2015-011-1.yaml │ ├── SS-2015-012-1.yaml │ ├── SS-2015-013-1.yaml │ ├── SS-2015-014-1.yaml │ ├── SS-2015-015-1.yaml │ ├── SS-2015-016-1.yaml │ ├── SS-2015-026-1.yaml │ ├── SS-2015-027-1.yaml │ ├── SS-2015-028-1.yaml │ ├── SS-2016-002-1.yaml │ ├── SS-2016-003-1.yaml │ ├── SS-2016-004-1.yaml │ ├── SS-2016-005-1.yaml │ ├── SS-2016-006-1.yaml │ 
├── SS-2016-007-1.yaml │ ├── SS-2016-008-1.yaml │ ├── SS-2016-010-1.yaml │ ├── SS-2016-011-1.yaml │ ├── SS-2016-012-1.yaml │ ├── SS-2016-013-1.yaml │ ├── SS-2016-014-1.yaml │ ├── SS-2016-015-1.yaml │ ├── SS-2016-016-1.yaml │ ├── SS-2017-001-1.yaml │ ├── SS-2017-002-1.yaml │ ├── SS-2017-003-1.yaml │ ├── SS-2017-004-1.yaml │ ├── SS-2017-005-1.yaml │ ├── SS-2017-006-1.yaml │ ├── SS-2017-007-1.yaml │ ├── SS-2017-008-1.yaml │ ├── SS-2017-009-1.yaml │ ├── SS-2017-010-1.yaml │ ├── SS-2018-001-1.yaml │ ├── SS-2018-005-1.yaml │ ├── SS-2018-006-1.yaml │ ├── SS-2018-008-1.yaml │ ├── SS-2018-010-1.yaml │ ├── SS-2018-012-1.yaml │ ├── SS-2018-013-1.yaml │ ├── SS-2018-014-1.yaml │ ├── SS-2018-018-1.yaml │ ├── SS-2018-019-1.yaml │ ├── SS-2018-020-1.yaml │ ├── SS-2024-001.yaml │ ├── SS-2024-002.yaml │ └── SS-2025-001.yaml ├── graphql │ ├── CVE-2019-12437.yaml │ ├── CVE-2020-26136.yaml │ ├── CVE-2020-6165.yaml │ ├── CVE-2021-28661.yaml │ ├── CVE-2023-28104.yaml │ ├── CVE-2023-40180.yaml │ ├── CVE-2023-44401.yaml │ └── SS-2018-007-1.yaml ├── hybridsessions │ └── CVE-2022-24444.yaml ├── registry │ └── CVE-2019-12149.yaml ├── reports │ └── CVE-2024-29885.yaml ├── restfulserver │ └── CVE-2019-12149.yaml ├── silverstripe-omnipay │ └── CVE-2022-29254.yaml ├── subsites │ ├── CVE-2022-42949.yaml │ └── SS-2018-016-1.yaml ├── taxonomy │ └── SS-2018-011-1.yaml ├── userforms │ └── SS-2015-018-1.yaml └── versioned-admin │ └── CVE-2022-38145.yaml ├── simple-updates └── phpwhois │ └── CVE-2015-5243.yaml ├── simplesamlphp ├── saml2 │ ├── CVE-2016-9814.yaml │ ├── CVE-2018-6519.yaml │ ├── CVE-2018-7644.yaml │ └── CVE-2018-7711.yaml ├── simplesamlphp-module-infocard │ └── CVE-2017-12874.yaml └── simplesamlphp │ ├── 201606-01.yaml │ ├── 201710-01.yaml │ ├── 2018-12-20.yaml │ ├── 2019-07-10.yaml │ ├── 2019-11-19.yaml │ ├── CVE-2016-3124.yaml │ ├── CVE-2016-9955.yaml │ ├── CVE-2017-12867.yaml │ ├── CVE-2017-12868.yaml │ ├── CVE-2017-12869.yaml │ ├── CVE-2017-12870.yaml │ ├── CVE-2017-12871.yaml │ ├── 
CVE-2017-12872.yaml │ ├── CVE-2017-12873.yaml │ ├── CVE-2017-18121.yaml │ ├── CVE-2017-18122.yaml │ ├── CVE-2018-6520.yaml │ ├── CVE-2018-6521.yaml │ └── CVE-2020-5301.yaml ├── sitegeist └── fluid-components │ └── CVE-2023-28604.yaml ├── sjbr └── sr-feuser-register │ └── CVE-2025-48200.yaml ├── slim └── slim │ └── CVE-2015-2171.yaml ├── smarty └── smarty │ ├── CVE-2018-13982.yaml │ ├── CVE-2018-16831.yaml │ ├── CVE-2018-25047.yaml │ ├── CVE-2021-21408.yaml │ ├── CVE-2021-26119.yaml │ ├── CVE-2021-26120.yaml │ ├── CVE-2021-29454.yaml │ ├── CVE-2022-29221.yaml │ └── CVE-2023-28447.yaml ├── socalnick └── scn-social-auth │ └── 2015-01-15.yaml ├── socialiteproviders └── steam │ └── 2021-01-29.yaml ├── spoonity └── tcpdf │ └── CVE-2018-17057.yaml ├── squizlabs └── php_codesniffer │ ├── 2017-03-01.yaml │ └── 2017-05-18.yaml ├── stormpath └── sdk │ └── 2017-11-20.yaml ├── studio-42 └── elfinder │ ├── CVE-2019-6257.yaml │ └── CVE-2019-9194.yaml ├── studiomitte └── friendlycaptcha │ └── CVE-2024-38873.yaml ├── sulu └── sulu │ └── CVE-2023-39343.yaml ├── swiftmailer └── swiftmailer │ ├── 2014-06-13.yaml │ ├── CVE-2016-10074.yaml │ └── CVE-2024-28859.yaml ├── sylius ├── admin-bundle │ └── 2018-07-09.yaml ├── grid-bundle │ └── CVE-2019-12186.yaml ├── grid │ └── CVE-2019-12186.yaml ├── resource-bundle │ ├── CVE-2020-15143.yaml │ ├── CVE-2020-15146.yaml │ └── CVE-2020-5220.yaml └── sylius │ ├── 2018-07-09.yaml │ ├── CVE-2019-12186.yaml │ ├── CVE-2020-15245.yaml │ └── CVE-2020-5220.yaml ├── symbiote ├── silverstripe-multivaluefield │ └── SS-2018-017-1.yaml └── silverstripe-queuedjobs │ └── CVE-2021-27938.yaml ├── symfont └── process │ └── 2021-09-10.yaml ├── symfony ├── cache │ ├── CVE-2019-10912.yaml │ └── CVE-2019-18889.yaml ├── dependency-injection │ ├── 2012-08-28.yaml │ └── CVE-2019-10910.yaml ├── error-handler │ └── CVE-2020-5274.yaml ├── form │ ├── CVE-2015-8125.yaml │ ├── CVE-2017-16790.yaml │ └── CVE-2018-19789.yaml ├── framework-bundle │ ├── CVE-2014-4931.yaml │ ├── 
CVE-2019-10909.yaml │ └── CVE-2022-23601.yaml ├── http-client │ └── CVE-2024-50342.yaml ├── http-foundation │ ├── 2012-11-29.yaml │ ├── CVE-2012-6431.yaml │ ├── CVE-2013-4752.yaml │ ├── CVE-2014-5244.yaml │ ├── CVE-2014-6061.yaml │ ├── CVE-2015-2309.yaml │ ├── CVE-2018-11386.yaml │ ├── CVE-2018-14773.yaml │ ├── CVE-2019-10913.yaml │ ├── CVE-2019-18888.yaml │ ├── CVE-2020-5255.yaml │ └── CVE-2024-50345.yaml ├── http-kernel │ ├── CVE-2014-5245.yaml │ ├── CVE-2015-2308.yaml │ ├── CVE-2015-4050.yaml │ ├── CVE-2019-18887.yaml │ ├── CVE-2020-15094.yaml │ ├── CVE-2021-41267.yaml │ └── CVE-2022-24894.yaml ├── intl │ └── CVE-2017-16654.yaml ├── maker-bundle │ └── CVE-2021-21424.yaml ├── mime │ └── CVE-2019-18888.yaml ├── phpunit-bridge │ └── CVE-2019-10912.yaml ├── polyfill-php55 │ └── CVE-2013-5958.yaml ├── polyfill │ └── CVE-2013-5958.yaml ├── process │ └── CVE-2024-51736.yaml ├── proxy-manager-bridge │ └── CVE-2019-10910.yaml ├── routing │ ├── 2012-08-28.yaml │ └── CVE-2012-6431.yaml ├── runtime │ └── CVE-2024-50340.yaml ├── security-bundle │ ├── CVE-2018-11406.yaml │ ├── CVE-2018-11408.yaml │ ├── CVE-2021-41268.yaml │ ├── CVE-2022-24895.yaml │ └── CVE-2024-50341.yaml ├── security-core │ ├── CVE-2016-1902.yaml │ ├── CVE-2016-2403.yaml │ ├── CVE-2017-11365.yaml │ ├── CVE-2018-11407.yaml │ └── CVE-2021-21424.yaml ├── security-csrf │ ├── CVE-2017-16653.yaml │ └── CVE-2018-11406.yaml ├── security-guard │ ├── CVE-2018-11385.yaml │ └── CVE-2021-21424.yaml ├── security-http │ ├── CVE-2015-8124.yaml │ ├── CVE-2015-8125.yaml │ ├── CVE-2016-4423.yaml │ ├── CVE-2017-16652.yaml │ ├── CVE-2018-11385.yaml │ ├── CVE-2018-11406.yaml │ ├── CVE-2018-19790.yaml │ ├── CVE-2019-10911.yaml │ ├── CVE-2019-18886.yaml │ ├── CVE-2020-5275.yaml │ ├── CVE-2021-21424.yaml │ ├── CVE-2021-32693.yaml │ ├── CVE-2023-46733.yaml │ └── CVE-2024-51996.yaml ├── security │ ├── CVE-2012-6431.yaml │ ├── CVE-2013-5958.yaml │ ├── CVE-2015-8124.yaml │ ├── CVE-2015-8125.yaml │ ├── CVE-2016-1902.yaml │ ├── 
CVE-2016-2403.yaml │ ├── CVE-2016-4423.yaml │ ├── CVE-2017-11365.yaml │ ├── CVE-2017-16652.yaml │ ├── CVE-2017-16653.yaml │ ├── CVE-2018-11385.yaml │ ├── CVE-2018-11406.yaml │ ├── CVE-2018-11407.yaml │ ├── CVE-2018-19790.yaml │ ├── CVE-2019-10911.yaml │ ├── CVE-2020-5275.yaml │ └── CVE-2021-21424.yaml ├── serializer │ ├── 2012-02-24.yaml │ └── CVE-2021-41270.yaml ├── symfony │ ├── 2011-11-16.yaml │ ├── 2012-02-24.yaml │ ├── 2012-08-28.yaml │ ├── 2012-11-29.yaml │ ├── CVE-2012-6431.yaml │ ├── CVE-2012-6432.yaml │ ├── CVE-2013-1348.yaml │ ├── CVE-2013-1397.yaml │ ├── CVE-2013-4751.yaml │ ├── CVE-2013-4752.yaml │ ├── CVE-2013-5958.yaml │ ├── CVE-2014-4931.yaml │ ├── CVE-2014-5244.yaml │ ├── CVE-2014-5245.yaml │ ├── CVE-2014-6061.yaml │ ├── CVE-2014-6072.yaml │ ├── CVE-2015-2308.yaml │ ├── CVE-2015-2309.yaml │ ├── CVE-2015-4050.yaml │ ├── CVE-2015-8124.yaml │ ├── CVE-2015-8125.yaml │ ├── CVE-2016-1902.yaml │ ├── CVE-2016-2403.yaml │ ├── CVE-2016-4423.yaml │ ├── CVE-2017-11365.yaml │ ├── CVE-2017-16652.yaml │ ├── CVE-2017-16653.yaml │ ├── CVE-2017-16654.yaml │ ├── CVE-2017-16790.yaml │ ├── CVE-2018-11385.yaml │ ├── CVE-2018-11386.yaml │ ├── CVE-2018-11406.yaml │ ├── CVE-2018-11407.yaml │ ├── CVE-2018-11408.yaml │ ├── CVE-2018-14773.yaml │ ├── CVE-2018-19789.yaml │ ├── CVE-2018-19790.yaml │ ├── CVE-2019-10909.yaml │ ├── CVE-2019-10910.yaml │ ├── CVE-2019-10911.yaml │ ├── CVE-2019-10912.yaml │ ├── CVE-2019-10913.yaml │ ├── CVE-2019-11325.yaml │ ├── CVE-2019-18886.yaml │ ├── CVE-2019-18887.yaml │ ├── CVE-2019-18888.yaml │ ├── CVE-2019-18889.yaml │ ├── CVE-2020-15094.yaml │ ├── CVE-2020-5255.yaml │ ├── CVE-2020-5274.yaml │ ├── CVE-2020-5275.yaml │ ├── CVE-2021-21424.yaml │ ├── CVE-2021-32693.yaml │ ├── CVE-2021-41267.yaml │ ├── CVE-2021-41268.yaml │ ├── CVE-2021-41270.yaml │ ├── CVE-2022-23601.yaml │ ├── CVE-2022-24894.yaml │ ├── CVE-2022-24895.yaml │ ├── CVE-2023-46733.yaml │ ├── CVE-2023-46734.yaml │ ├── CVE-2023-46735.yaml │ ├── CVE-2024-50340.yaml │ ├── 
CVE-2024-50341.yaml │ ├── CVE-2024-50342.yaml │ ├── CVE-2024-50343.yaml │ ├── CVE-2024-50345.yaml │ ├── CVE-2024-51736.yaml │ └── CVE-2024-51996.yaml ├── translation │ └── 2012-08-28.yaml ├── twig-bridge │ └── CVE-2023-46734.yaml ├── ux-autocomplete │ └── CVE-2023-41336.yaml ├── validator │ ├── 2012-08-28.yaml │ ├── CVE-2013-4751.yaml │ └── CVE-2024-50343.yaml ├── var-exporter │ └── CVE-2019-11325.yaml ├── web-profiler-bundle │ └── CVE-2014-6072.yaml ├── webhook │ └── CVE-2023-46735.yaml └── yaml │ ├── CVE-2013-1348.yaml │ └── CVE-2013-1397.yaml ├── t3s └── content-consent │ └── CVE-2023-50462.yaml ├── tecnickcom └── tcpdf │ └── CVE-2018-17057.yaml ├── terminal42 └── contao-tablelookupwizard │ └── 2022-02-04-1.yaml ├── thelia ├── backoffice-default-template │ └── 2015-02-24-1.yaml └── thelia │ ├── 2015-02-24-1.yaml │ └── 2015-04-13-1.yaml ├── theonedemon └── phpwhois │ └── CVE-2015-5243.yaml ├── timber └── timber │ └── CVE-2024-29800.yaml ├── titon └── framework │ └── 2017-11-20.yaml ├── tpwd └── ke_search │ └── CVE-2023-35783.yaml ├── truckersmp └── phpwhois │ └── CVE-2015-5243.yaml ├── twig └── twig │ ├── 2013-04-08.yaml │ ├── CVE-2015-7809.yaml │ ├── CVE-2019-9942.yaml │ ├── CVE-2022-23614.yaml │ ├── CVE-2022-39261.yaml │ ├── CVE-2024-45411.yaml │ ├── CVE-2024-51754.yaml │ ├── CVE-2024-51755.yaml │ └── CVE-2025-24374.yaml ├── typo3 ├── cms-core │ ├── 2018-07-12-1.yaml │ ├── 2018-07-12-2.yaml │ ├── 2018-07-12-3.yaml │ ├── 2018-07-12-4.yaml │ ├── 2018-12-11-1.yaml │ ├── 2018-12-11-2.yaml │ ├── 2018-12-11-3.yaml │ ├── 2018-12-11-4.yaml │ ├── 2018-12-11-5.yaml │ ├── 2018-12-11-6.yaml │ ├── 2018-12-11-7.yaml │ ├── 2019-01-22-1.yaml │ ├── 2019-01-22-2.yaml │ ├── 2019-01-22-3.yaml │ ├── 2019-01-22-4.yaml │ ├── 2019-01-22-6.yaml │ ├── 2019-01-22-7.yaml │ ├── 2019-01-22-8.yaml │ ├── 2019-05-07-2.yaml │ ├── 2019-05-07-4.yaml │ ├── 2019-05-07-5.yaml │ ├── 2019-06-25-1.yaml │ ├── 2019-06-25-3.yaml │ ├── 2019-06-25-4.yaml │ ├── 2019-06-25-7.yaml │ ├── 2019-12-17-1.yaml │ ├── 
2019-12-17-2.yaml │ ├── 2019-12-17-3.yaml │ ├── 2019-12-17-7.yaml │ ├── CVE-2018-14041.yaml │ ├── CVE-2018-17960.yaml │ ├── CVE-2019-10912.yaml │ ├── CVE-2019-11832.yaml │ ├── CVE-2019-12747.yaml │ ├── CVE-2019-12748.yaml │ ├── CVE-2019-19848.yaml │ ├── CVE-2019-19849.yaml │ ├── CVE-2019-19850.yaml │ ├── CVE-2020-11063.yaml │ ├── CVE-2020-11064.yaml │ ├── CVE-2020-11065.yaml │ ├── CVE-2020-11066.yaml │ ├── CVE-2020-11067.yaml │ ├── CVE-2020-11069.yaml │ ├── CVE-2020-15098.yaml │ ├── CVE-2020-15099.yaml │ ├── CVE-2020-15241.yaml │ ├── CVE-2020-26227.yaml │ ├── CVE-2020-26228.yaml │ ├── CVE-2020-26229.yaml │ ├── CVE-2021-21338.yaml │ ├── CVE-2021-21339.yaml │ ├── CVE-2021-21340.yaml │ ├── CVE-2021-21355.yaml │ ├── CVE-2021-21357.yaml │ ├── CVE-2021-21358.yaml │ ├── CVE-2021-21359.yaml │ ├── CVE-2021-21370.yaml │ ├── CVE-2021-32667.yaml │ ├── CVE-2021-32668.yaml │ ├── CVE-2021-32669.yaml │ ├── CVE-2021-32767.yaml │ ├── CVE-2021-32768.yaml │ ├── CVE-2021-41113.yaml │ ├── CVE-2021-41114.yaml │ ├── CVE-2022-23499.yaml │ ├── CVE-2022-23500.yaml │ ├── CVE-2022-23501.yaml │ ├── CVE-2022-23502.yaml │ ├── CVE-2022-23503.yaml │ ├── CVE-2022-23504.yaml │ ├── CVE-2022-31046.yaml │ ├── CVE-2022-31047.yaml │ ├── CVE-2022-31048.yaml │ ├── CVE-2022-31049.yaml │ ├── CVE-2022-31050.yaml │ ├── CVE-2022-36020.yaml │ ├── CVE-2022-36104.yaml │ ├── CVE-2022-36105.yaml │ ├── CVE-2022-36106.yaml │ ├── CVE-2022-36107.yaml │ ├── CVE-2022-36108.yaml │ ├── CVE-2023-24814.yaml │ └── CVE-2023-47127.yaml ├── cms │ ├── 2014-05-22-1.yaml │ ├── 2014-10-22-2.yaml │ ├── 2014-12-09-2.yaml │ ├── 2015-07-01-1.yaml │ ├── 2015-07-01-2.yaml │ ├── 2015-07-01-3.yaml │ ├── 2015-07-01-4.yaml │ ├── 2015-07-01-5.yaml │ ├── 2015-09-08-1.yaml │ ├── 2015-12-15-1.yaml │ ├── 2015-12-15-2.yaml │ ├── 2015-12-15-3.yaml │ ├── 2015-12-15-4.yaml │ ├── 2015-12-15-5.yaml │ ├── 2016-02-16-1.yaml │ ├── 2016-02-16-2.yaml │ ├── 2016-02-16-3.yaml │ ├── 2016-02-16-4.yaml │ ├── 2016-02-23-1.yaml │ ├── 2016-02-23-2.yaml │ ├── 
2016-02-23-3.yaml │ ├── 2016-02-23-4.yaml │ ├── 2016-04-12-1.yaml │ ├── 2016-04-12-2.yaml │ ├── 2016-04-12-3.yaml │ ├── 2016-04-12-4.yaml │ ├── 2016-05-24-1.yaml │ ├── 2016-07-19-1.yaml │ ├── 2016-07-19-2.yaml │ ├── 2016-07-19-3.yaml │ ├── 2016-07-19-4.yaml │ ├── 2016-07-19-5.yaml │ ├── 2016-07-19-7.yaml │ ├── 2016-09-14-1.yaml │ ├── 2016-09-14-2.yaml │ ├── 2016-11-22-1.yaml │ ├── 2016-11-22-2.yaml │ ├── 2017-01-03-1.yaml │ ├── 2017-02-28-1.yaml │ ├── 2017-02-28-2.yaml │ ├── 2017-09-05-1.yaml │ ├── 2017-09-05-2.yaml │ ├── 2017-09-05-3.yaml │ ├── 2017-09-05-4.yaml │ ├── 2018-07-12-1.yaml │ ├── 2018-07-12-2.yaml │ ├── 2018-07-12-3.yaml │ ├── 2018-07-12-4.yaml │ ├── 2018-12-11-1.yaml │ ├── 2018-12-11-2.yaml │ ├── 2018-12-11-3.yaml │ ├── 2018-12-11-4.yaml │ ├── 2018-12-11-5.yaml │ ├── 2018-12-11-6.yaml │ ├── 2018-12-11-7.yaml │ ├── 2019-01-22-1.yaml │ ├── 2019-01-22-2.yaml │ ├── 2019-01-22-3.yaml │ ├── 2019-01-22-4.yaml │ ├── 2019-01-22-6.yaml │ ├── 2019-01-22-7.yaml │ ├── 2019-01-22-8.yaml │ ├── 2019-05-07-2.yaml │ ├── 2019-05-07-4.yaml │ ├── 2019-05-07-5.yaml │ ├── 2019-06-25-1.yaml │ ├── 2019-06-25-3.yaml │ ├── 2019-06-25-4.yaml │ ├── 2019-06-25-7.yaml │ ├── 2019-12-17-1.yaml │ ├── 2019-12-17-2.yaml │ ├── 2019-12-17-3.yaml │ ├── 2019-12-17-7.yaml │ ├── CVE-2013-4701.yaml │ ├── CVE-2013-7341.yaml │ ├── CVE-2014-3941.yaml │ ├── CVE-2014-3943.yaml │ ├── CVE-2014-3944.yaml │ ├── CVE-2014-3946.yaml │ ├── CVE-2014-9508.yaml │ ├── CVE-2015-5956.yaml │ ├── CVE-2016-5385.yaml │ ├── CVE-2018-14041.yaml │ ├── CVE-2018-17960.yaml │ ├── CVE-2019-10912.yaml │ ├── CVE-2019-11832.yaml │ ├── CVE-2019-12747.yaml │ ├── CVE-2019-12748.yaml │ ├── CVE-2019-19848.yaml │ ├── CVE-2019-19849.yaml │ ├── CVE-2019-19850.yaml │ ├── CVE-2020-11063.yaml │ ├── CVE-2020-11064.yaml │ ├── CVE-2020-11065.yaml │ ├── CVE-2020-11066.yaml │ ├── CVE-2020-11067.yaml │ ├── CVE-2020-11069.yaml │ ├── CVE-2020-15098.yaml │ ├── CVE-2020-15099.yaml │ ├── CVE-2020-15241.yaml │ ├── CVE-2020-26227.yaml │ ├── 
CVE-2020-26228.yaml │ ├── CVE-2020-26229.yaml │ ├── CVE-2021-21338.yaml │ ├── CVE-2021-21339.yaml │ ├── CVE-2021-21340.yaml │ ├── CVE-2021-21355.yaml │ ├── CVE-2021-21357.yaml │ ├── CVE-2021-21358.yaml │ ├── CVE-2021-21359.yaml │ ├── CVE-2021-21370.yaml │ ├── CVE-2021-32667.yaml │ ├── CVE-2021-32668.yaml │ ├── CVE-2021-32669.yaml │ ├── CVE-2021-32767.yaml │ ├── CVE-2021-32768.yaml │ ├── CVE-2021-41113.yaml │ ├── CVE-2021-41114.yaml │ ├── CVE-2022-23499.yaml │ ├── CVE-2022-23500.yaml │ ├── CVE-2022-23501.yaml │ ├── CVE-2022-23502.yaml │ ├── CVE-2022-23503.yaml │ ├── CVE-2022-23504.yaml │ ├── CVE-2022-31046.yaml │ ├── CVE-2022-31047.yaml │ ├── CVE-2022-31048.yaml │ ├── CVE-2022-31049.yaml │ ├── CVE-2022-31050.yaml │ ├── CVE-2022-36020.yaml │ ├── CVE-2022-36104.yaml │ ├── CVE-2022-36105.yaml │ ├── CVE-2022-36106.yaml │ ├── CVE-2022-36107.yaml │ ├── CVE-2022-36108.yaml │ └── CVE-2023-24814.yaml ├── flow │ ├── 2012-03-28.yaml │ ├── 2015-11-23.yaml │ ├── 2016-11-01.yaml │ ├── 2017-04-12.yaml │ └── CVE-2013-7082.yaml ├── html-sanitizer │ └── CVE-2022-36020.yaml ├── neos │ ├── 2015-03-28.yaml │ ├── 2015-11-23.yaml │ └── 2019-06-17.yaml ├── phar-stream-wrapper │ ├── 2018-10-18-1.yaml │ ├── CVE-2019-11830.yaml │ └── CVE-2019-11831.yaml └── swiftmailer │ └── 2017-01-06.yaml ├── typo3fluid └── fluid │ ├── CVE-2020-15241.yaml │ └── CVE-2020-26216.yaml ├── ua-parser └── uap-php │ └── 2018-12-14.yaml ├── validator.php ├── vrana └── adminer │ └── 2019-01-20.yaml ├── waldhacker └── hcaptcha │ └── CVE-2023-41100.yaml ├── wallabag └── tcpdf │ └── CVE-2018-17057.yaml ├── wikimedia └── parsoid │ └── CVE-2021-30458.yaml ├── willdurand └── js-translation-bundle │ └── 2014-07-29-1.yaml ├── wp-cli └── wp-cli │ └── CVE-2021-29504.yaml ├── yiisoft ├── yii │ └── CVE-2014-4672.yaml ├── yii2-bootstrap │ └── CVE-2015-3397.yaml ├── yii2-dev │ ├── CVE-2015-3397.yaml │ ├── CVE-2015-5467.yaml │ ├── CVE-2018-6009.yaml │ ├── CVE-2018-6010.yaml │ └── CVE-2018-7269.yaml ├── yii2-elasticsearch │ └── 
CVE-2018-8074.yaml ├── yii2-gii │ └── CVE-2015-3397.yaml ├── yii2-jui │ └── CVE-2015-3397.yaml ├── yii2-redis │ └── CVE-2018-8073.yaml └── yii2 │ ├── CVE-2015-3397.yaml │ ├── CVE-2015-5467.yaml │ ├── CVE-2018-6009.yaml │ ├── CVE-2018-6010.yaml │ ├── CVE-2018-7269.yaml │ ├── CVE-2020-15148.yaml │ └── CVE-2024-4990.yaml ├── zendframework ├── zend-cache │ └── CVE-2015-5723.yaml ├── zend-captcha │ └── ZF2015-09.yaml ├── zend-crypt │ └── CVE-2015-7503.yaml ├── zend-db │ ├── CVE-2014-8089.yaml │ └── CVE-2015-0270.yaml ├── zend-developer-tools │ └── ZF2019-01.yaml ├── zend-diactoros │ ├── CVE-2015-3257.yaml │ └── ZF2018-01.yaml ├── zend-feed │ └── ZF2018-01.yaml ├── zend-form │ └── ZF2014-03.yaml ├── zend-http │ ├── CVE-2015-3154.yaml │ └── ZF2018-01.yaml ├── zend-json │ └── ZF2014-01.yaml ├── zend-ldap │ └── CVE-2014-8088.yaml ├── zend-mail │ ├── CVE-2015-3154.yaml │ └── ZF2016-04.yaml ├── zend-navigation │ └── ZF2014-03.yaml ├── zend-session │ └── ZF2015-01.yaml ├── zend-validator │ └── CVE-2015-1786.yaml ├── zend-view │ └── ZF2014-03.yaml ├── zend-xmlrpc │ └── ZF2014-01.yaml ├── zendframework │ ├── CVE-2014-8088.yaml │ ├── CVE-2014-8089.yaml │ ├── CVE-2015-0270.yaml │ ├── CVE-2015-1786.yaml │ ├── CVE-2015-3154.yaml │ ├── CVE-2015-5161.yaml │ ├── CVE-2015-5723.yaml │ ├── CVE-2015-7503.yaml │ ├── ZF2012-03.yaml │ ├── ZF2012-04.yaml │ ├── ZF2013-01.yaml │ ├── ZF2013-02.yaml │ ├── ZF2013-03.yaml │ ├── ZF2013-04.yaml │ ├── ZF2014-01.yaml │ ├── ZF2014-03.yaml │ ├── ZF2015-01.yaml │ ├── ZF2015-09.yaml │ ├── ZF2016-04.yaml │ └── ZF2018-01.yaml ├── zendframework1 │ ├── CVE-2014-8088.yaml │ ├── CVE-2014-8089.yaml │ ├── CVE-2015-3154.yaml │ ├── CVE-2015-5161.yaml │ ├── CVE-2015-5723.yaml │ ├── CVE-2016-6233.yaml │ ├── ZF2009-01.yaml │ ├── ZF2009-02.yaml │ ├── ZF2010-01.yaml │ ├── ZF2010-02.yaml │ ├── ZF2010-03.yaml │ ├── ZF2010-05.yaml │ ├── ZF2010-06.yaml │ ├── ZF2010-07.yaml │ ├── ZF2011-01.yaml │ ├── ZF2011-02.yaml │ ├── ZF2012-01.yaml │ ├── ZF2012-02.yaml │ ├── ZF2012-05.yaml 
│ ├── ZF2014-01.yaml │ ├── ZF2014-02.yaml │ ├── ZF2014-04.yaml │ ├── ZF2015-08.yaml │ ├── ZF2015-09.yaml │ ├── ZF2016-01.yaml │ └── ZF2016-03.yaml ├── zendopenid │ └── ZF2014-02.yaml └── zendxml │ └── CVE-2015-5161.yaml ├── zetacomponents └── mail │ └── CVE-2017-15806.yaml ├── zf-commons └── zfc-user │ └── CVE-2015-1039.yaml ├── zfcampus └── zf-apigility-doctrine │ └── CVE-2015-5723.yaml └── zfr └── zfr-oauth2-server-module └── 2014-04-26.yaml /.editorconfig: -------------------------------------------------------------------------------- 1 | # For more information about the properties used in 2 | # this file, please see the EditorConfig documentation: 3 | # http://editorconfig.org/ 4 | 5 | [*] 6 | charset = utf-8 7 | end_of_line = lf 8 | indent_size = 4 9 | indent_style = space 10 | insert_final_newline = true 11 | trim_trailing_whitespace = true 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /composer.lock 2 | /vendor/ 3 | -------------------------------------------------------------------------------- /3f/pygmentize/2017-05-15.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution 2 | link: https://github.com/dedalozzo/pygmentize/issues/1 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2017-05-15 09:09:00 7 | versions: ['<1.2'] 8 | reference: composer://3f/pygmentize 9 | -------------------------------------------------------------------------------- /adodb/adodb-php/2018-03-06.yaml: -------------------------------------------------------------------------------- 1 | title: Potential SQL injection vector 2 | link: https://github.com/ADOdb/ADOdb/pull/401 3 | branches: 4 | master: 5 | time: 2018-03-06 15:40:00 6 | versions: ['<5.20.12'] 7 | reference: composer://adodb/adodb-php 8 | -------------------------------------------------------------------------------- 
/adodb/adodb-php/CVE-2016-4855.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in old test script 2 | link: https://github.com/ADOdb/ADOdb/issues/274 3 | cve: CVE-2016-4855 4 | branches: 5 | master: 6 | time: 2016-08-28 23:50:00 7 | versions: ['<5.20.6'] 8 | reference: composer://adodb/adodb-php 9 | -------------------------------------------------------------------------------- /amphp/http-client/2020-06-16.yaml: -------------------------------------------------------------------------------- 1 | title: Header leakage on cross-domain redirects 2 | link: https://github.com/amphp/http-client/releases/tag/v4.4.0 3 | cve: ~ 4 | branches: 5 | 4.x: 6 | time: 2020-06-16 20:55:00 7 | versions: ['>=4', '<4.4.0'] 8 | reference: composer://amphp/http-client 9 | -------------------------------------------------------------------------------- /amphp/http-client/CVE-2024-2653.yaml: -------------------------------------------------------------------------------- 1 | title: Denial of Service via HTTP/2 CONTINUATION Frames 2 | link: https://github.com/amphp/http-client/security/advisories/GHSA-w8gf-g2vq-j2f4 3 | cve: CVE-2024-2653 4 | branches: 5 | 4.x: 6 | time: ~ 7 | versions: [ '>=4.0.0-rc10', '<=4.0.0' ] 8 | reference: composer://amphp/http-client 9 | -------------------------------------------------------------------------------- /amphp/http/2018-03-15.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect header injection check 2 | link: https://github.com/amphp/http/releases/tag/v1.0.1 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2018-03-15 17:25:00 7 | versions: ['<1.0.1'] 8 | reference: composer://amphp/http 9 | -------------------------------------------------------------------------------- /amphp/http/CVE-2024-2653.yaml: -------------------------------------------------------------------------------- 1 | title: Denial of Service via HTTP/2 
CONTINUATION Frames 2 | link: https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm 3 | cve: CVE-2024-2653 4 | branches: 5 | 2.x: 6 | time: ~ 7 | versions: ['>=2.0.0', '<=2.1.0'] 8 | 1.x: 9 | time: ~ 10 | versions: [ '<=1.7.2' ] 11 | reference: composer://amphp/http 12 | -------------------------------------------------------------------------------- /asymmetricrypt/asymmetricrypt/2017-11-20.yaml: -------------------------------------------------------------------------------- 1 | title: Padding Oracle Vulnerability in RSA Encryption 2 | link: https://github.com/Cosmicist/AsymmetriCrypt/issues/4 3 | cve: ~ 4 | branches: 5 | 0.x: 6 | time: ~ 7 | versions: ['>=0.0.0', '<9.9.99'] 8 | reference: composer://asymmetricrypt/asymmetricrypt 9 | -------------------------------------------------------------------------------- /aws/aws-sdk-php/CVE-2015-5723.yaml: -------------------------------------------------------------------------------- 1 | title: Security Misconfiguration Vulnerability in the AWS SDK for PHP 2 | link: https://github.com/aws/aws-sdk-php/releases/tag/3.2.1 3 | cve: CVE-2015-5723 4 | branches: 5 | 3.x: 6 | time: 2015-07-24 0:41:41 7 | versions: ['>=3.0.0', '<3.2.1'] 8 | reference: composer://aws/aws-sdk-php 9 | -------------------------------------------------------------------------------- /aws/aws-sdk-php/CVE-2023-51651.yaml: -------------------------------------------------------------------------------- 1 | title: Potential URI resolution path traversal in the AWS SDK for PHP 2 | link: https://nvd.nist.gov/vuln/detail/CVE-2023-51651 3 | cve: CVE-2023-51651 4 | branches: 5 | 3.x: 6 | time: 2023-11-22 0:00:00 7 | versions: ['>=3.0.0', '<3.288.1'] 8 | reference: composer://aws/aws-sdk-php 9 | -------------------------------------------------------------------------------- /brightlocal/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: 
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.2.5'] 8 | reference: composer://brightlocal/phpwhois -------------------------------------------------------------------------------- /brotkrueml/codehighlight/2021-03-16-1.yaml: -------------------------------------------------------------------------------- 1 | title: Regular expression Denial of Service 2 | link: https://typo3.org/security/advisory/typo3-ext-sa-2021-002 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2021-01-01 16:46:38 7 | versions: ['<2.5.0'] 8 | reference: composer://brotkrueml/codehighlight 9 | -------------------------------------------------------------------------------- /brotkrueml/codehighlight/2021-11-10-1.yaml: -------------------------------------------------------------------------------- 1 | title: Regular expression Denial of Service 2 | link: https://typo3.org/security/advisory/typo3-ext-sa-2021-016 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2021-09-16 18:09:24 7 | versions: ['<2.7.0'] 8 | reference: composer://brotkrueml/codehighlight 9 | -------------------------------------------------------------------------------- /brotkrueml/schema/CVE-2022-33154.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-Site Scripting 2 | link: https://typo3.org/security/advisory/typo3-ext-sa-2022-012 3 | cve: CVE-2022-33154 4 | branches: 5 | main: 6 | time: 2022-06-13 13:44:26 7 | versions: ['>=2.0.0', '<2.5.1'] 8 | 1.x: 9 | time: 2022-06-13 14:06:30 10 | versions: ['<1.13.1'] 11 | reference: composer://brotkrueml/schema 12 | -------------------------------------------------------------------------------- /brotkrueml/typo3-matomo-integration/CVE-2022-33156.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-Site Scripting 2 | link: 
https://typo3.org/security/advisory/typo3-ext-sa-2022-011 3 | cve: CVE-2022-33156 4 | branches: 5 | main: 6 | time: 2022-06-13 13:40:15 7 | versions: ['<1.3.2'] 8 | reference: composer://brotkrueml/typo3-matomo-integration 9 | -------------------------------------------------------------------------------- /bugsnag/bugsnag-laravel/CVE-2016-5385.yaml: -------------------------------------------------------------------------------- 1 | title: HTTP Proxy header vulnerability 2 | link: https://github.com/bugsnag/bugsnag-laravel/releases/tag/v2.0.2 3 | cve: CVE-2016-5385 4 | branches: 5 | master: 6 | time: 2016-07-18 20:27:36 7 | versions: ['>=2', '<2.0.2'] 8 | reference: composer://bugsnag/bugsnag-laravel 9 | -------------------------------------------------------------------------------- /cakephp/cakephp/2015-05-07.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect CSRF validation 2 | link: https://bakery.cakephp.org/2015/05/07/cakephp_3_0_4_released.html 3 | cve: ~ 4 | branches: 5 | 3.0.x: 6 | time: 2015-05-07 11:30:00 7 | versions: ['>=3.0.0', '<3.0.4'] 8 | reference: composer://cakephp/cakephp 9 | -------------------------------------------------------------------------------- /cartalyst/sentry/2016-09-05.yaml: -------------------------------------------------------------------------------- 1 | title: Null reset codes were allowed 2 | link: https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other 3 | cve: ~ 4 | branches: 5 | 2.1.x: 6 | time: 2016-10-04 20:18:00 7 | versions: ['<=2.1.6'] 8 | reference: composer://cartalyst/sentry 9 | -------------------------------------------------------------------------------- /causal/oidc/CVE-2024-30173.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)' 2 | link: 
https://typo3.org/security/advisory/typo3-ext-sa-2024-002 3 | cve: CVE-2024-30173 4 | branches: 5 | main: 6 | time: 2024-04-02 08:03:00 7 | versions: ['<2.1.0'] 8 | reference: composer://causal/oidc 9 | -------------------------------------------------------------------------------- /causal/oidc/CVE-2025-24856.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)' 2 | link: https://typo3.org/security/advisory/typo3-ext-sa-2025-001 3 | cve: CVE-2025-24856 4 | branches: 5 | main: 6 | time: 2025-01-27 18:56:00 7 | versions: ['<4.0.0'] 8 | reference: composer://causal/oidc 9 | -------------------------------------------------------------------------------- /codeigniter/framework/2015-10-31-1.yaml: -------------------------------------------------------------------------------- 1 | title: XSS attack vector in Security Library method xss_clean() 2 | link: https://www.codeigniter.com/user_guide/changelog.html#version-3-0-3 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2015-10-27 12:30:18 7 | versions: ['<3.0.3'] 8 | reference: composer://codeigniter/framework 9 | -------------------------------------------------------------------------------- /codeigniter/framework/2016-07-26-1.yaml: -------------------------------------------------------------------------------- 1 | title: Critical SQL injection bug in the ODBC database driver 2 | link: https://forum.codeigniter.com/thread-65803.html 3 | cve: ~ 4 | branches: 5 | "3.0": 6 | time: 2015-07-26 19:42:05 7 | versions: ['<=3.0.6'] 8 | reference: composer://codeigniter/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-21647.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4" 2 | link: 
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-w6jr-wj64-mc9x 3 | cve: CVE-2022-21647 4 | branches: 5 | master: 6 | time: 2022-01-04 00:59:31 7 | versions: ['<4.1.6'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-21715.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-21715: XSS Vulnerability in API\\ResponseTrait in CodeIgniter4" 2 | link: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62 3 | cve: CVE-2022-21715 4 | branches: 5 | master: 6 | time: 2022-01-24 17:41:56 7 | versions: ['<4.1.8'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-23556.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-23556: Attackers may spoof IP address when using proxy" 2 | link: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-ghw3-5qvm-3mqc 3 | cve: CVE-2022-23556 4 | branches: 5 | master: 6 | time: 2022-12-22 02:49:45 7 | versions: ['<4.2.11'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-24711.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4" 2 | link: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-xjp4-6w75-qrj7 3 | cve: CVE-2022-24711 4 | branches: 5 | master: 6 | time: 2022-02-26 00:51:52 7 | versions: ['<4.1.9'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-39284.yaml: 
-------------------------------------------------------------------------------- 1 | title: "CVE-2022-39284: Config\\Cookie Secure or HttpOnly flag not set in CodeIgniter4" 2 | link: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-745p-r637-7vvp 3 | cve: CVE-2022-39284 4 | branches: 5 | master: 6 | time: 2022-10-06 09:39:42 7 | versions: ['<4.2.7'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /codeigniter4/framework/CVE-2022-46170.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-46170: Potential Session Handlers Vulnerability " 2 | link: https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558 3 | cve: CVE-2022-46170 4 | branches: 5 | master: 6 | time: 2022-12-22 02:49:45 7 | versions: ['<4.2.11'] 8 | reference: composer://codeigniter4/framework 9 | -------------------------------------------------------------------------------- /composer/composer/CVE-2015-8371.yaml: -------------------------------------------------------------------------------- 1 | title: Composer Cache Injection vulnerability 2 | link: http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html 3 | cve: CVE-2015-8371 4 | branches: 5 | master: 6 | time: 2016-02-10 14:51:23 7 | versions: ['<=1.0.0-alpha11'] 8 | reference: composer://composer/composer 9 | -------------------------------------------------------------------------------- /contao/contao/CVE-2017-10993.yaml: -------------------------------------------------------------------------------- 1 | title: A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter 2 | link: https://contao.org/en/news/contao-4_4_1.html 3 | cve: CVE-2017-10993 4 | branches: 5 | 4.x: 6 | time: 2017-07-12 09:09:38 7 | versions: ['>=4.0.0', '<4.4.1'] 8 | reference: composer://contao/contao 9 | 
-------------------------------------------------------------------------------- /contao/contao/CVE-2017-16558.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection vulnerability in the back end search filter 2 | link: https://contao.org/en/news/contao-4_4_8.html 3 | cve: CVE-2017-16558 4 | branches: 5 | 4.x: 6 | time: 2017-11-15 08:51:00 7 | versions: ['>=4.0.0', '<4.4.8'] 8 | reference: composer://contao/contao 9 | -------------------------------------------------------------------------------- /contao/contao/CVE-2019-10642.yaml: -------------------------------------------------------------------------------- 1 | title: The CSRF token check can be bypassed 2 | link: https://contao.org/en/news/security-vulnerability-cve-2019-10642.html 3 | cve: CVE-2019-10642 4 | branches: 5 | 4.7.x: 6 | time: 2019-04-09 12:21:00 7 | versions: ['>=4.7.0', '<4.7.3'] 8 | reference: composer://contao/contao 9 | -------------------------------------------------------------------------------- /contao/contao/CVE-2019-10643.yaml: -------------------------------------------------------------------------------- 1 | title: Confirming an opt-in token does not invalidate previous opt-in tokens 2 | link: https://contao.org/en/news/security-vulnerability-cve-2019-10643.html 3 | cve: CVE-2019-10643 4 | branches: 5 | 4.7.x: 6 | time: 2019-04-09 12:21:00 7 | versions: ['>=4.7.0', '<4.7.3'] 8 | reference: composer://contao/contao 9 | -------------------------------------------------------------------------------- /contao/contao/CVE-2019-19714.yaml: -------------------------------------------------------------------------------- 1 | title: Insert tag injection in the login module 2 | link: https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html 3 | cve: CVE-2019-19714 4 | branches: 5 | 4.8.x: 6 | time: 2019-12-17 11:43:00 7 | versions: ['>=4.8.4', '<4.8.6'] 8 | reference: composer://contao/contao 9 | 
-------------------------------------------------------------------------------- /contao/contao/CVE-2022-24899.yaml: -------------------------------------------------------------------------------- 1 | title: Cross site scripting via canonical URL 2 | link: https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html 3 | cve: CVE-2022-24899 4 | branches: 5 | 4.13.x: 6 | time: 2022-05-05 06:38:47 7 | versions: ['>=4.13.0', '<4.13.3'] 8 | reference: composer://contao/contao 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2017-10993.yaml: -------------------------------------------------------------------------------- 1 | title: A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter 2 | link: https://contao.org/en/news/contao-4_4_1.html 3 | cve: CVE-2017-10993 4 | branches: 5 | 4.x: 6 | time: 2017-07-12 09:09:38 7 | versions: ['>=4.0.0', '<4.4.1'] 8 | reference: composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2017-16558.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection vulnerability in the back end search filter 2 | link: https://contao.org/en/news/contao-4_4_8.html 3 | cve: CVE-2017-16558 4 | branches: 5 | 4.x: 6 | time: 2017-11-15 08:51:00 7 | versions: ['>=4.0.0', '<4.4.8'] 8 | reference: composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2019-10642.yaml: -------------------------------------------------------------------------------- 1 | title: The CSRF token check can be bypassed 2 | link: https://contao.org/en/news/security-vulnerability-cve-2019-10642.html 3 | cve: CVE-2019-10642 4 | branches: 5 | 4.7.x: 6 | time: 2019-04-09 12:21:00 7 | versions: ['>=4.7.0', '<4.7.3'] 8 | reference: 
composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2019-10643.yaml: -------------------------------------------------------------------------------- 1 | title: Confirming an opt-in token does not invalidate previous opt-in tokens 2 | link: https://contao.org/en/news/security-vulnerability-cve-2019-10643.html 3 | cve: CVE-2019-10643 4 | branches: 5 | 4.7.x: 6 | time: 2019-04-09 12:21:00 7 | versions: ['>=4.7.0', '<4.7.3'] 8 | reference: composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2019-19714.yaml: -------------------------------------------------------------------------------- 1 | title: Insert tag injection in the login module 2 | link: https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html 3 | cve: CVE-2019-19714 4 | branches: 5 | 4.8.x: 6 | time: 2019-12-17 11:43:00 7 | versions: ['>=4.8.4', '<4.8.6'] 8 | reference: composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core-bundle/CVE-2022-24899.yaml: -------------------------------------------------------------------------------- 1 | title: Cross site scripting via canonical URL 2 | link: https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html 3 | cve: CVE-2022-24899 4 | branches: 5 | 4.13.x: 6 | time: 2022-05-05 06:38:47 7 | versions: ['>=4.13.0', '<4.13.3'] 8 | reference: composer://contao/core-bundle 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2016-4567.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967) 2 | link: https://contao.org/en/news/contao-3_5_15.html 3 | cve: CVE-2016-4567 
4 | branches: 5 | 3.x: 6 | time: 2016-07-15 08:22:14 7 | versions: ['>=3.0.0', '<3.5.15'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2017-10993.yaml: -------------------------------------------------------------------------------- 1 | title: A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter 2 | link: https://contao.org/en/news/contao-3_5_28.html 3 | cve: CVE-2017-10993 4 | branches: 5 | 3.x: 6 | time: 2017-07-12 07:10:24 7 | versions: ['>=3.0.0', '<3.5.28'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2017-16558.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection vulnerability in the back end search filter and the front end listing module 2 | link: https://contao.org/en/news/contao-3_5_31.html 3 | cve: CVE-2017-16558 4 | branches: 5 | 3.x: 6 | time: 2017-11-15 08:53:00 7 | versions: ['>=3.0.0', '<3.5.31'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2018-10125.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-site scripting (XSS) vulnerability in the system log of the back end 2 | link: https://contao.org/en/news/contao-3_5_35.html 3 | cve: CVE-2018-10125 4 | branches: 5 | 3.x: 6 | time: 2018-04-18 09:51:00 7 | versions: ['>=3.0.0', '<3.5.35'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2018-5478.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in the front end "unsubscribe" module of the newsletter extension 2 | link: 
https://contao.org/en/news/contao-3_5_32.html 3 | cve: CVE-2018-5478 4 | branches: 5 | 3.x: 6 | time: 2018-01-18 09:14:00 7 | versions: ['>=3.0.0', '<3.5.32'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/core/CVE-2019-10641.yaml: -------------------------------------------------------------------------------- 1 | title: Existing sessions are not correctly invalidated when a user changes their password 2 | link: https://contao.org/en/news/security-vulnerability-cve-2019-10641.html 3 | cve: CVE-2019-10641 4 | branches: 5 | 3.x: 6 | time: 2019-04-09 10:24:00 7 | versions: ['>=3.0.0', '<3.5.39'] 8 | reference: composer://contao/core 9 | -------------------------------------------------------------------------------- /contao/listing-bundle/CVE-2017-16558.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection vulnerability in the front end listing module 2 | link: https://contao.org/en/news/contao-4_4_8.html 3 | cve: CVE-2017-16558 4 | branches: 5 | 4.x: 6 | time: 2017-11-15 08:53:00 7 | versions: ['>=4.0.0', '<4.4.8'] 8 | reference: composer://contao/listing-bundle 9 | -------------------------------------------------------------------------------- /datadog/dd-trace/2019-09-26-1.yaml: -------------------------------------------------------------------------------- 1 | title: Circumvents open_basedir INI directive 2 | link: https://github.com/DataDog/dd-trace-php/releases/tag/0.30.0 3 | cve: ~ 4 | branches: 5 | 0.30.x: 6 | time: 2019-09-19 02:00:50 7 | versions: ['>=0.30.0', '<0.30.2'] 8 | reference: composer://datadog/dd-trace 9 | -------------------------------------------------------------------------------- /david-garcia/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: 
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.3.1'] 8 | reference: composer://david-garcia/phpwhois -------------------------------------------------------------------------------- /dnadesign/silverstripe-elemental/CVE-2025-25197.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2025-25197 - XSS attack in elemental \"Content blocks in use\" report" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2025-25197 3 | cve: CVE-2025-25197 4 | branches: 5 | 5.3.x: 6 | time: 2025-04-10 02:37:11 7 | versions: ['<5.3.12'] 8 | reference: composer://dnadesign/silverstripe-elemental 9 | -------------------------------------------------------------------------------- /doctrine/orm/2011-09-25.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection possibility 2 | link: https://www.doctrine-project.org/blog/doctrine-security-fix.html 3 | cve: ~ 4 | branches: 5 | 2.x: 6 | time: 2011-09-25 17:37:08 7 | versions: ['>=2.0.0', '<2.0.3'] 8 | reference: composer://doctrine/orm 9 | -------------------------------------------------------------------------------- /doctrine/orm/2021-04-06.yaml: -------------------------------------------------------------------------------- 1 | title: Regression in Query Parenthesis can have Security Implications 2 | link: https://github.com/doctrine/orm/pull/8591 3 | cve: ~ 4 | branches: 5 | 2.8.x: 6 | time: 2021-04-06 13:30:00 7 | versions: ['>=2.8.3', '<2.8.4'] 8 | reference: composer://doctrine/orm 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2010-4879.yaml: -------------------------------------------------------------------------------- 1 | title: PHP remote file inclusion vulnerability in dompdf.php 2 | link: 
https://github.com/dompdf/dompdf/releases/tag/v0.6.2 3 | cve: CVE-2010-4879 4 | branches: 5 | 0.6.x: 6 | time: 2014-03-10 21:57:58 7 | versions: ['>=0.6', '<0.6.1'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2014-2383.yaml: -------------------------------------------------------------------------------- 1 | title: Arbitrary file read in dompdf 2 | link: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/ 3 | cve: CVE-2014-2383 4 | branches: 5 | 0.6.x: 6 | time: 2014-03-10 21:57:58 7 | versions: ['>=0.6.0', '<0.6.1'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2014-5011.yaml: -------------------------------------------------------------------------------- 1 | title: Information Disclosure 2 | link: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 3 | cve: CVE-2014-5011 4 | branches: 5 | 0.6.x: 6 | time: 2015-12-07 00:07:13 7 | versions: ['>=0.6', '<0.6.2'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2014-5012.yaml: -------------------------------------------------------------------------------- 1 | title: Denial Of Service Vector 2 | link: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 3 | cve: CVE-2014-5012 4 | branches: 5 | 0.6.x: 6 | time: 2015-12-07 00:07:13 7 | versions: ['>=0.6', '<0.6.2'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2014-5013.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution (complement of CVE-2014-2383) 2 | link: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 3 | cve: CVE-2014-5013 4 | branches: 5 | 0.6.x: 6 | 
time: 2015-12-07 00:07:13 7 | versions: ['>=0.6', '<0.6.2'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2022-0085.yaml: -------------------------------------------------------------------------------- 1 | title: Server-Side Request Forgery in dompdf/dompdf 2 | link: https://github.com/advisories/GHSA-pf6p-25r2-fx45 3 | cve: CVE-2022-0085 4 | branches: 5 | master: 6 | time: 2022-06-23 13:55:00 7 | versions: ['<2.0.0'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2022-28368.yaml: -------------------------------------------------------------------------------- 1 | title: Remote code injection via remote fonts 2 | link: https://github.com/advisories/GHSA-x752-qjv4-c4hc 3 | cve: CVE-2022-28368 4 | branches: 5 | master: 6 | time: 2022-03-24 13:59:00 7 | versions: ['<1.2.1'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2022-41343.yaml: -------------------------------------------------------------------------------- 1 | title: Remote file inclusion 2 | link: https://github.com/advisories/GHSA-6x28-7h8c-chx4 3 | cve: CVE-2022-41343 4 | branches: 5 | master: 6 | time: 2022-09-22 13:54:00 7 | versions: ['<2.0.1'] 8 | reference: composer://dompdf/dompdf 9 | -------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2023-23924.yaml: -------------------------------------------------------------------------------- 1 | title: Dompdf vulnerable to URI validation failure on SVG parsing 2 | link: https://github.com/advisories/GHSA-3cw5-7cxw-v5qg 3 | cve: CVE-2023-23924 4 | branches: 5 | master: 6 | time: 2023-01-31 14:30:00 7 | versions: ['<2.0.2'] 8 | reference: composer://dompdf/dompdf 9 | 
-------------------------------------------------------------------------------- /dompdf/dompdf/CVE-2023-50262.yaml: -------------------------------------------------------------------------------- 1 | title: 'Denial of service caused by infinite recursion when parsing SVG images' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-50262' 3 | cve: CVE-2023-50262 4 | branches: 5 | 2.x: 6 | versions: [ '<2.0.4' ] 7 | time: 2023-12-12 09:17:00 8 | reference: 'composer://dompdf/dompdf' 9 | -------------------------------------------------------------------------------- /drupal/core/2020-05-20-1.yaml: -------------------------------------------------------------------------------- 1 | title: Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 2 | link: https://www.drupal.org/sa-core-2020-003 3 | branches: 4 | 7.x: 5 | time: 2020-05-20 13:37:00 6 | versions: ['>=7.0.0','<7.70'] 7 | reference: composer://drupal/core 8 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3162.yaml: -------------------------------------------------------------------------------- 1 | title: File upload access bypass and denial of service 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3162 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3163.yaml: -------------------------------------------------------------------------------- 1 | title: Brute force amplification attacks via XML-RPC 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3163 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3164.yaml: 
-------------------------------------------------------------------------------- 1 | title: Open redirect via path manipulation 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3164 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3165.yaml: -------------------------------------------------------------------------------- 1 | title: Form API ignores access restrictions on submit buttons 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3165 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3166.yaml: -------------------------------------------------------------------------------- 1 | title: HTTP header injection using line breaks 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3166 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3167.yaml: -------------------------------------------------------------------------------- 1 | title: Open redirect via double-encoded 'destination' parameter 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3167 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3168.yaml: -------------------------------------------------------------------------------- 1 | title: Reflected file download vulnerability 2 | link: 
https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3168 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3169.yaml: -------------------------------------------------------------------------------- 1 | title: Saving user accounts can sometimes grant the user all roles 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3169 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3170.yaml: -------------------------------------------------------------------------------- 1 | title: Email address can be matched to an account 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3170 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-3171.yaml: -------------------------------------------------------------------------------- 1 | title: Session data truncation can lead to unserialization of user provided data 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3171 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/core/CVE-2016-7571.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-site Scripting in http exceptions 2 | link: https://www.drupal.org/SA-CORE-2016-004 3 | cve: CVE-2016-7571 4 | branches: 5 | 8.0.x: 6 | time: 2016-09-21 18:39:00 7 | versions: 
['>=8.0','<8.1.0'] 8 | 8.1.x: 9 | time: 2016-09-21 18:39:00 10 | versions: ['>=8.1.0','<8.1.10'] 11 | reference: composer://drupal/core 12 | -------------------------------------------------------------------------------- /drupal/core/CVE-2019-6342.yaml: -------------------------------------------------------------------------------- 1 | title: Critical - Access bypass 2 | link: https://www.drupal.org/sa-core-2019-008 3 | cve: CVE-2019-6342 4 | branches: 5 | 8.7.x: 6 | time: 2019-07-16 16:24:00 7 | versions: ['>8.7.3','<8.7.5'] 8 | reference: composer://drupal/core 9 | -------------------------------------------------------------------------------- /drupal/drupal/2020-05-20-1.yaml: -------------------------------------------------------------------------------- 1 | title: Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 2 | link: https://www.drupal.org/sa-core-2020-003 3 | branches: 4 | 7.x: 5 | time: 2020-05-20 13:37:00 6 | versions: ['>=7.0.0','<7.70'] 7 | reference: composer://drupal/drupal 8 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3162.yaml: -------------------------------------------------------------------------------- 1 | title: File upload access bypass and denial of service 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3162 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3163.yaml: -------------------------------------------------------------------------------- 1 | title: Brute force amplification attacks via XML-RPC 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3163 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | 
-------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3164.yaml: -------------------------------------------------------------------------------- 1 | title: Open redirect via path manipulation 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3164 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3165.yaml: -------------------------------------------------------------------------------- 1 | title: Form API ignores access restrictions on submit buttons 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3165 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3166.yaml: -------------------------------------------------------------------------------- 1 | title: HTTP header injection using line breaks 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3166 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3167.yaml: -------------------------------------------------------------------------------- 1 | title: Open redirect via double-encoded 'destination' parameter 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3167 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3168.yaml: 
-------------------------------------------------------------------------------- 1 | title: Reflected file download vulnerability 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3168 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3169.yaml: -------------------------------------------------------------------------------- 1 | title: Saving user accounts can sometimes grant the user all roles 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3169 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3170.yaml: -------------------------------------------------------------------------------- 1 | title: Email address can be matched to an account 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3170 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2016-3171.yaml: -------------------------------------------------------------------------------- 1 | title: Session data truncation can lead to unserialization of user provided data 2 | link: https://www.drupal.org/SA-CORE-2016-001 3 | cve: CVE-2016-3171 4 | branches: 5 | 8.0.x: 6 | time: 2016-02-15 18:57:00 7 | versions: ['>=8.0','<8.0.4'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /drupal/drupal/CVE-2019-6342.yaml: -------------------------------------------------------------------------------- 1 | title: Critical - Access bypass 2 | link: 
https://www.drupal.org/sa-core-2019-008 3 | cve: CVE-2019-6342 4 | branches: 5 | 8.7.x: 6 | time: 2019-07-16 16:24:00 7 | versions: ['>8.7.3','<8.7.5'] 8 | reference: composer://drupal/drupal 9 | -------------------------------------------------------------------------------- /elijaa/phpmemcacheadmin/CVE-2023-6026.yaml: -------------------------------------------------------------------------------- 1 | title: 'PHPMemcachedAdmin Path Traversal vulnerability' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-6026' 3 | cve: CVE-2023-6026 4 | branches: 5 | 1.x: 6 | time: null 7 | versions: ['<=1.3.0'] 8 | master: 9 | time: null 10 | versions: ['<=1.3.0'] 11 | reference: 'composer://elijaa/phpmemcacheadmin' 12 | -------------------------------------------------------------------------------- /elijaa/phpmemcacheadmin/CVE-2023-6027.yaml: -------------------------------------------------------------------------------- 1 | title: 'PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-6027' 3 | cve: CVE-2023-6027 4 | branches: 5 | 1.x: 6 | time: null 7 | versions: ['<=1.3.0'] 8 | reference: 'composer://elijaa/phpmemcacheadmin' 9 | -------------------------------------------------------------------------------- /endroid/qr-code-bundle/2019-12-22.yaml: -------------------------------------------------------------------------------- 1 | title: Disclosure of files via logo_path query parameter 2 | link: https://github.com/endroid/qr-code-bundle/releases/tag/3.4.2 3 | branches: 4 | master: 5 | time: 2020-01-01 16:15:00 6 | versions: ['<3.4.2'] 7 | reference: composer://endroid/qr-code-bundle 8 | -------------------------------------------------------------------------------- /enshrined/svg-sanitize/CVE-2022-23638.yaml: -------------------------------------------------------------------------------- 1 | title: A cross-site scripting vulnerability 2 | link: 
https://github.com/advisories/GHSA-fqx8-v33p-4qcc 3 | cve: CVE-2022-23638 4 | branches: 5 | master: 6 | time: 2022-02-15 01:54:00 7 | versions: ['<0.15.0'] 8 | reference: composer://enshrined/svg-sanitize 9 | -------------------------------------------------------------------------------- /erusev/parsedown/CVE-2018-1000162.yaml: -------------------------------------------------------------------------------- 1 | title: Cross-Site Scripting 2 | link: https://github.com/erusev/parsedown/pull/495 3 | cve: CVE-2018-1000162 4 | branches: 5 | 1.x: 6 | time: ~ 7 | versions: ['<1.7.0'] 8 | reference: composer://erusev/parsedown 9 | -------------------------------------------------------------------------------- /erusev/parsedown/CVE-2019-10905.yaml: -------------------------------------------------------------------------------- 1 | title: Class-Name Injection 2 | link: https://github.com/erusev/parsedown/issues/699 3 | cve: CVE-2019-10905 4 | branches: 5 | 1.x: 6 | time: ~ 7 | versions: ['<1.7.2'] 8 | reference: composer://erusev/parsedown 9 | -------------------------------------------------------------------------------- /ezsystems/demobundle/2020-04-21-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS 2 | link: https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs 3 | reference: composer://ezsystems/demobundle 4 | branches: 5 | 5.4.x: 6 | time: 2020-04-21 12:07:00 7 | versions: ['>=5.4.0','<5.4.6.1'] 8 | -------------------------------------------------------------------------------- /ezsystems/ez-support-tools/2020-12-01-1.yaml: -------------------------------------------------------------------------------- 1 | title: IBEXA-SA-2020-007 Failing access control in system info view 2 | link: https://developers.ibexa.co/security-advisories/ibexa-sa-2020-007-failing-access-control-in-system-info-view 3 | reference: 
composer://ezsystems/ez-support-tools 4 | branches: 5 | 2.2.x: 6 | time: 2020-12-01 13:36:00 7 | versions: ['>=2.2.0','<2.2.3'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezdemo-ls-extension/2020-04-21-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS 2 | link: https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs 3 | reference: composer://ezsystems/ezdemo-ls-extension 4 | branches: 5 | 5.4.x: 6 | time: 2020-04-21 12:12:00 7 | versions: ['>=5.4.0','<5.4.2.1'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezplatform-admin-ui-assets/2019-07-04-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2019-005 Bundled jQuery affected by CVE-2019-11358 2 | link: https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358 3 | reference: composer://ezsystems/ezplatform-admin-ui-assets 4 | branches: 5 | 4.2.x: 6 | time: 2019-07-04 12:28:00 7 | versions: ['>=4.0.0','<4.2.0'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezplatform-admin-ui/2019-04-03-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2019-002 Password reset vulnerability 2 | link: https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability 3 | reference: composer://ezsystems/ezplatform-admin-ui 4 | branches: 5 | 1.4.x: 6 | time: 2019-04-03 00:00:00 7 | versions: ['>=1.4.0','<1.4.6'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezplatform-kernel/2020-05-20-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2020-004 
Object Injection in SiteAccessMatchListener 2 | link: https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener 3 | reference: composer://ezsystems/ezplatform-kernel 4 | branches: 5 | 1.0.x: 6 | time: 2020-05-20 16:45:00 7 | versions: ['>=1.0.0','<1.0.2.1'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezplatform-user/2019-04-03-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2019-002 Password reset vulnerability 2 | link: https://share.ez.no/community-project/security-advisories/ezsa-2019-002-password-reset-vulnerability 3 | reference: composer://ezsystems/ezplatform-user 4 | branches: 5 | 1.0.x: 6 | time: 2019-04-03 00:00:00 7 | versions: ['>=1.0.0','<1.0.1'] 8 | -------------------------------------------------------------------------------- /ezsystems/ezplatform/2019-06-27-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2019-004 CSRF token in login form is disabled by default 2 | link: https://share.ez.no/community-project/security-advisories/ezsa-2019-004-csrf-token-in-login-form-is-disabled-by-default 3 | reference: composer://ezsystems/ezplatform 4 | branches: 5 | 2.5.x: 6 | time: 2019-06-27 00:00:00 7 | versions: ['>=2.5.0','<2.5.4'] 8 | -------------------------------------------------------------------------------- /ezsystems/platform-ui-assets-bundle/2020-08-07-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2020-005 Editor XSS and trashed drafts in review queue 2 | link: https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue 3 | reference: composer://ezsystems/platform-ui-assets-bundle 4 | branches: 5 | 4.2.x: 6 | time: 2020-08-07 09:18:00 7 | versions: ['>=4.2.0','<4.2.3'] 8 | 
-------------------------------------------------------------------------------- /ezsystems/repository-forms/2018-11-20-1.yaml: -------------------------------------------------------------------------------- 1 | title: EZSA-2018-007 User data disclosure 2 | link: http://share.ez.no/community-project/security-advisories/ezsa-2018-007-user-data-disclosure 3 | reference: composer://ezsystems/repository-forms 4 | branches: 5 | 2.3.x: 6 | time: 2018-11-20 15:30:00 7 | versions: ['>=2.3.0','<2.3.2.1'] 8 | -------------------------------------------------------------------------------- /ezyang/htmlpurifier/CVE-2010-2479.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability exploitable on Internet Explorer 2 | link: http://htmlpurifier.org/news/2010/0531-4.1.1-released 3 | cve: CVE-2010-2479 4 | branches: 5 | 4.x: 6 | time: 2010-06-01 00:00:00 7 | versions: ['<4.1.1'] 8 | reference: composer://ezyang/htmlpurifier 9 | -------------------------------------------------------------------------------- /ezyang/htmlpurifier/CVE-2010-4183.yaml: -------------------------------------------------------------------------------- 1 | title: Multiple XSS vulnerabilities exploitable on Internet Explorer 2 | link: http://htmlpurifier.org/security/2010/css-quoting 3 | cve: CVE-2010-4183 4 | branches: 5 | 4.x: 6 | time: 2010-04-26 16:06:06 7 | versions: ['<4.1.0'] 8 | reference: composer://ezyang/htmlpurifier 9 | -------------------------------------------------------------------------------- /firebase/php-jwt/2015-04-02.yaml: -------------------------------------------------------------------------------- 1 | title: Critical vulnerabilities in JSON Web Token libraries 2 | link: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2015-04-01 18:08:35 7 | versions: [<2.0.0] 8 | reference: composer://firebase/php-jwt 9 | 
-------------------------------------------------------------------------------- /firebase/php-jwt/CVE-2021-46743.yaml: -------------------------------------------------------------------------------- 1 | title: Key/algorithm type confusion 2 | link: https://github.com/advisories/GHSA-8xf4-w7qw-pjjw 3 | cve: CVE-2021-46743 4 | branches: 5 | main: 6 | time: 2022-03-30 00:00:00 7 | versions: [<6.0.0] 8 | reference: composer://firebase/php-jwt 9 | -------------------------------------------------------------------------------- /fooman/tcpdf/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. 2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: 2018-09-20 05:24:43 7 | versions: ['<6.2.22'] 8 | reference: composer://fooman/tcpdf 9 | -------------------------------------------------------------------------------- /fossar/tcpdf-parser/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. 
2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<6.2.22'] 8 | reference: composer://fossar/tcpdf-parser 9 | -------------------------------------------------------------------------------- /friendsofsymfony/oauth2-php/2020-03-03-1.yaml: -------------------------------------------------------------------------------- 1 | title: Fixes redirect uri validation in oauth 2 | link: https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2020-03-03 22:14:00 7 | versions: ['<1.3.0'] 8 | reference: composer://friendsofsymfony/oauth2-php 9 | -------------------------------------------------------------------------------- /friendsofsymfony/rest-bundle/2014-01-22-1.yaml: -------------------------------------------------------------------------------- 1 | title: Fixed issue with broken validation of JSONP callbacks 2 | link: https://symfony.com/blog/fosrestbundle-security-issue-with-jsonp-handler 3 | cve: ~ 4 | branches: 5 | 1.2.x: 6 | time: 2014-01-22 12:35:42 7 | versions: ['>=1.2.0', '<1.2.2'] 8 | reference: composer://friendsofsymfony/rest-bundle 9 | -------------------------------------------------------------------------------- /friendsofsymfony/user-bundle/2012-07-10-1.yaml: -------------------------------------------------------------------------------- 1 | title: Fixed the user refreshing to check the identity by primary key instead of username 2 | link: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md 3 | cve: ~ 4 | branches: 5 | 1.2.x: 6 | time: 2012-07-10 12:35:42 7 | versions: ['>=1.2.0', '<1.2.1'] 8 | reference: composer://friendsofsymfony/user-bundle 9 | -------------------------------------------------------------------------------- /friendsofsymfony/user-bundle/2012-07-10-2.yaml: 
-------------------------------------------------------------------------------- 1 | title: Fixes a security issue where the session could be hijacked 2 | link: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md 3 | cve: ~ 4 | branches: 5 | 1.2.x: 6 | time: 2012-07-10 17:28:35 7 | versions: ['>=1.2.0', '<1.2.4'] 8 | reference: composer://friendsofsymfony/user-bundle 9 | -------------------------------------------------------------------------------- /friendsofsymfony1/symfony1/CVE-2024-28859.yaml: -------------------------------------------------------------------------------- 1 | title: Deserialization Gadget chain in Swift Mailer dependency 2 | link: https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r 3 | cve: CVE-2024-28859 4 | branches: 5 | 1.x: 6 | time: 2024-02-27 20:26:56 7 | versions: ['>=1.3.0', '<1.5.18'] 8 | reference: composer://friendsofsymfony1/symfony1 9 | -------------------------------------------------------------------------------- /friendsofsymfony1/symfony1/CVE-2024-28861.yaml: -------------------------------------------------------------------------------- 1 | title: Deserialization Gadget chain in Symfony sfNamespacedParameterHolder 2 | link: https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433 3 | cve: CVE-2024-28861 4 | branches: 5 | 1.x: 6 | time: 2024-03-19 13:59:00 7 | versions: ['>=1.1.0', '<1.5.19'] 8 | reference: composer://friendsofsymfony1/symfony1 9 | -------------------------------------------------------------------------------- /friendsoftypo3/mediace/CVE-2020-15086.yaml: -------------------------------------------------------------------------------- 1 | title: 'Sensitive Information Disclosure in extension "Media Content Element" (mediace)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2020-014' 3 | cve: CVE-2020-15086 4 | branches: 5 | 7.x: 6 | time: '2020-07-16 07:31:32' 7 | versions: ['>=7.6.2', '<=7.6.4'] 8 | reference:
'composer://friendsoftypo3/mediace' 9 | -------------------------------------------------------------------------------- /fuel/core/2016-06-29-1.yaml: -------------------------------------------------------------------------------- 1 | title: ImageMagick driver does not escape all shell arguments. 2 | link: https://fuelphp.com/security-advisories 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2016-09-27 08:06:00 7 | versions: ['<1.8.0.4'] 8 | reference: composer://fuel/core 9 | -------------------------------------------------------------------------------- /fuel/core/2018-04-14-1.yaml: -------------------------------------------------------------------------------- 1 | title: Crypt encryption compromised. 2 | link: https://fuelphp.com/security-advisories 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2018-04-16 17:23:00 7 | versions: ['<1.8.1'] 8 | reference: composer://fuel/core 9 | -------------------------------------------------------------------------------- /gree/jose/2016-08-30.yaml: -------------------------------------------------------------------------------- 1 | title: Critical vulnerabilities in JSON Web Token libraries 2 | link: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2016-08-30 10:37:36 7 | versions: [<=2.2.0] 8 | reference: composer://gree/jose 9 | -------------------------------------------------------------------------------- /gregwar/rst/2016-10-31.yaml: -------------------------------------------------------------------------------- 1 | title: Local File Inclusion Vulnerability 2 | link: https://hackerone.com/reports/179034 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2016-10-31 09:00:00 7 | versions: ['<1.0.3'] 8 | reference: composer://gregwar/rst 9 | -------------------------------------------------------------------------------- /illuminate/view/2020-03-13-1.yaml: -------------------------------------------------------------------------------- 1 | title: 
XSS vulnerability in blade templating 2 | link: https://github.com/laravel/framework/pull/31945 3 | cve: ~ 4 | branches: 5 | 7.x: 6 | time: 2020-03-13 13:52:44 7 | versions: ['>=7.0.0', '<7.1.2'] 8 | reference: composer://illuminate/view 9 | -------------------------------------------------------------------------------- /in2code/femanager/CVE-2023-45023.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2023-008' 3 | cve: CVE-2023-45023 4 | branches: 5 | main: 6 | time: '2023-10-04 09:43:00' 7 | versions: ['>=7.0.0', '<7.2.2'] 8 | reference: 'composer://in2code/femanager' 9 | -------------------------------------------------------------------------------- /in2code/femanager/CVE-2023-50459.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2023-010: Broken Access Control in extension "femanager" (femanager)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2023-010' 3 | cve: CVE-2023-50459 4 | branches: 5 | main: 6 | time: '2023-12-13 11:55:00' 7 | versions: ['>=7.0.0', '<7.2.3'] 8 | reference: 'composer://in2code/femanager' 9 | -------------------------------------------------------------------------------- /in2code/ipandlanguageredirect/CVE-2023-35782.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2023-005: SQL Injection in extension "ipandlanguageredirect" (ipandlanguageredirect)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2023-005' 3 | cve: CVE-2023-35782 4 | branches: 5 | main: 6 | time: '2023-06-12 17:07:00' 7 | versions: ['<5.1.2'] 8 | reference: 'composer://in2code/ipandlanguageredirect' 9 | -------------------------------------------------------------------------------- /ivankristianto/phpwhois/CVE-2015-5243.yaml: 
-------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.3.0'] 8 | reference: composer://ivankristianto/phpwhois -------------------------------------------------------------------------------- /james-heinrich/getid3/CVE-2014-2053.yaml: -------------------------------------------------------------------------------- 1 | title: Potential XXE security issue 2 | link: https://github.com/JamesHeinrich/getID3/commit/afbdaa044a9a0a9dff2f800bd670e231b3ec99b2 3 | cve: CVE-2014-2053 4 | branches: 5 | 1.x: 6 | time: 2014-09-14 18:13:30 7 | versions: ['<1.9.9'] 8 | reference: composer://james-heinrich/getid3 9 | -------------------------------------------------------------------------------- /joomla/archive/CVE-2021-26028.yaml: -------------------------------------------------------------------------------- 1 | 2 | title: Path Traversal within joomla/archive zip class 3 | link: https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html 4 | cve: CVE-2021-26028 5 | branches: 6 | master: 7 | time: 2021-03-06 13:37:00 8 | versions: ['<1.1.10'] 9 | reference: composer://joomla/archive 10 | -------------------------------------------------------------------------------- /joomla/input/CVE-2022-23799.yaml: -------------------------------------------------------------------------------- 1 | 2 | title: Variable Tampering within joomla/input class 3 | link: https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html 4 | cve: CVE-2022-23799 5 | branches: 6 | 2.0-dev: 7 | time: 2022-03-29 18:00:00 8 | versions: ['>=2.0.0', '<2.0.2'] 9 | reference: composer://joomla/input 10 | 
-------------------------------------------------------------------------------- /joomla/session/CVE-2015-8566.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution Vulnerability 2 | link: https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html 3 | cve: CVE-2015-8566 4 | branches: 5 | master: 6 | time: 2015-12-14 18:22:25 7 | versions: ['<1.3.1'] 8 | reference: composer://joomla/session 9 | -------------------------------------------------------------------------------- /jsmitty12/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: 2018-05-29 18:12:55 7 | versions: ['<5.1.0'] 8 | reference: composer://jsmitty12/phpwhois -------------------------------------------------------------------------------- /kazist/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.2.6'] 8 | reference: composer://kazist/phpwhois -------------------------------------------------------------------------------- /knplabs/knp-snappy/CVE-2023-28115.yaml: -------------------------------------------------------------------------------- 1 | title: PHAR deserialization allowing remote code execution 2 | link: https://github.com/advisories/GHSA-gq6w-q6wh-jggc 3 | cve: CVE-2023-28115 4 | branches: 5 | 1.x: 6 | time: 2023-03-17 15:47:00 7 | versions: ['<1.4.2'] 8 | reference: composer://knplabs/knp-snappy 9 | 
-------------------------------------------------------------------------------- /knplabs/knp-snappy/CVE-2023-41330.yaml: -------------------------------------------------------------------------------- 1 | title: Snappy PHAR deserialization vulnerability 2 | link: https://github.com/advisories/GHSA-92rv-4j2h-8mjj 3 | cve: CVE-2023-41330 4 | branches: 5 | 1.x: 6 | time: 2023-09-06 15:24:48 7 | versions: ['<=1.4.2'] 8 | reference: composer://knplabs/knp-snappy 9 | -------------------------------------------------------------------------------- /la-haute-societe/tcpdf/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. 2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<6.2.22'] 8 | reference: composer://la-haute-societe/tcpdf 9 | -------------------------------------------------------------------------------- /laminas/laminas-diactoros/CVE-2022-31109.yaml: -------------------------------------------------------------------------------- 1 | title: Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack. 
2 | link: https://github.com/advisories/GHSA-8274-h5jp-97vr 3 | cve: CVE-2022-31109 4 | branches: 5 | master: 6 | time: 2022-07-25 19:29:00 7 | versions: ['<2.11.1'] 8 | reference: composer://laminas/laminas-diactoros 9 | -------------------------------------------------------------------------------- /laravel/fortify/CVE-2022-25838.yaml: -------------------------------------------------------------------------------- 1 | title: Multi-Factor Authentication issue in Laravel Fortify 2 | link: https://github.com/advisories/GHSA-6w4v-qr4m-97gg 3 | cve: CVE-2022-25838 4 | branches: 5 | "1.x": 6 | time: 2022-02-23 16:04:00 7 | versions: ['<1.11.1'] 8 | reference: composer://laravel/fortify 9 | -------------------------------------------------------------------------------- /laravel/framework/2020-03-13-1.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in blade templating 2 | link: https://github.com/laravel/framework/pull/31945 3 | cve: ~ 4 | branches: 5 | 7.x: 6 | time: 2020-03-13 13:52:44 7 | versions: ['>=7.0.0', '<7.1.2'] 8 | reference: composer://laravel/framework 9 | -------------------------------------------------------------------------------- /laravel/framework/CVE-2021-43617.yaml: -------------------------------------------------------------------------------- 1 | title: Image upload bypass 2 | link: https://github.com/laravel/framework/pull/39666 3 | cve: CVE-2021-43617 4 | branches: 5 | "8.x": 6 | time: 2021-11-18 02:10:57 7 | versions: ['>=8.0.0', '<8.71.0'] 8 | reference: composer://laravel/framework 9 | -------------------------------------------------------------------------------- /laravel/socialite/2015-07-23.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure state generation 2 | link: https://github.com/laravel/socialite/pull/91 3 | cve: ~ 4 | branches: 5 | 1.0.x: 6 | time: 2015-07-23 13:53:00 7 | versions: ['>=1.0.0', '<1.0.99'] 
8 | 2.0.x: 9 | time: 2015-07-23 13:53:00 10 | versions: ['>=2.0.0', '<2.0.9'] 11 | reference: composer://laravel/socialite 12 | -------------------------------------------------------------------------------- /laravel/socialite/2015-08-03.yaml: -------------------------------------------------------------------------------- 1 | title: State guessing vulnerability 2 | link: https://github.com/laravel/socialite/pull/93 3 | cve: ~ 4 | branches: 5 | 1.0.x: 6 | time: 2015-08-03 12:55:00 7 | versions: ['>=1.0.0', '<1.0.99'] 8 | 2.0.x: 9 | time: 2015-08-03 12:55:00 10 | versions: ['>=2.0.0', '<2.0.10'] 11 | reference: composer://laravel/socialite 12 | -------------------------------------------------------------------------------- /league/commonmark/CVE-2018-20583.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability with unsafe link protocols 2 | link: https://github.com/thephpleague/commonmark/issues/337 3 | cve: CVE-2018-20583 4 | branches: 5 | 0.x: 6 | time: 2018-12-29 20:39:28 7 | versions: ['>=0.15.6', '<0.18.1'] 8 | reference: composer://league/commonmark 9 | -------------------------------------------------------------------------------- /league/commonmark/CVE-2019-10010.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability with double-encoded entities 2 | link: https://github.com/thephpleague/commonmark/issues/353 3 | cve: CVE-2019-10010 4 | branches: 5 | 0.x: 6 | time: 2019-03-21 22:52:50 7 | versions: ['<0.18.3'] 8 | reference: composer://league/commonmark 9 | -------------------------------------------------------------------------------- /livewire/livewire/2020-09-22-1.yaml: -------------------------------------------------------------------------------- 1 | title: $this->validate() returns all properties, not just validated ones 2 | link: https://github.com/livewire/livewire/releases/tag/v2.2.6 3 | cve: ~ 4 | branches: 5 | 2.x: 6 | 
time: 2020-09-22 19:30:08 7 | versions: ['>2.2.4', '<2.2.6'] 8 | reference: composer://livewire/livewire 9 | -------------------------------------------------------------------------------- /magento/magento1ce/2017-02-07.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-9652 - Remote Code Execution using mail vulnerability 2 | link: https://magento.com/security/patches/supee-9652 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2017-02-07 00:00:00 7 | versions: ['>=1.5.0.1', '<1.9.3.2'] 8 | reference: composer://magento/magento1ce 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/2018-06-29.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-10752 - Multiple security enhancements vulnerabilities 2 | link: https://magento.com/security/patches/supee-10752 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2018-06-29 00:00:00 7 | versions: ['<1.9.3.9'] 8 | reference: composer://magento/magento1ce 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/2018-11-28.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities 2 | link: https://magento.com/security/patches/supee-10975 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2018-11-26 10:00:58 7 | versions: ['>=1.5.0.0', '<1.9.4.0'] 8 | reference: composer://magento/magento1ce 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7139.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities 2 | link: https://magento.com/security/patches/supee-11086 3 | 
cve: CVE-2019-7139 4 | branches: 5 | 1.x: 6 | time: 2019-03-26 00:00:00 7 | versions: ['>=1.5.0.0', '<1.9.4.1'] 8 | reference: composer://magento/magento1ce 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7875.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2226: Stored cross-site scripting in the admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23' 3 | cve: CVE-2019-7875 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7897.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2299: Stored cross-site scripting in the admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13' 3 | cve: CVE-2019-7897 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7909.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2317: Stored cross-site scripting in admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23' 3 | cve: CVE-2019-7909 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- 
/magento/magento1ce/CVE-2019-7934.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2353: Stored cross-site scripting in the admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23' 3 | cve: CVE-2019-7934 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7935.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2363: Stored cross-site scripting in the admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23' 3 | cve: CVE-2019-7935 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-7938.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2369: Stored cross-site scripting in the admin panel' 2 | link: 'https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23' 3 | cve: CVE-2019-7938 4 | branches: 5 | 1: 6 | time: '2019-06-25 00:00:00' 7 | versions: ['>=1', '<1.9.4.2'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ce/CVE-2019-8152.yaml: -------------------------------------------------------------------------------- 1 | title: 'PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor' 2 | link: 'https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update' 3 | 
cve: CVE-2019-8152 4 | branches: 5 | 1: 6 | time: '2019-10-08 00:00:00' 7 | versions: ['>=1', '<1.9.4.3'] 8 | reference: 'composer://magento/magento1ce' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ee/2017-02-07.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-9652 - Remote Code Execution using mail vulnerability 2 | link: https://magento.com/security/patches/supee-9652 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2017-02-07 00:00:00 7 | versions: ['>=1.9.0.0', '<1.14.3.2'] 8 | reference: composer://magento/magento1ee 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ee/2018-11-28.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-10975 - Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities 2 | link: https://magento.com/security/patches/supee-10975 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2018-11-26 10:00:58 7 | versions: ['>=1.9.0.0', '<1.14.4.0'] 8 | reference: composer://magento/magento1ee 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ee/CVE-2019-7139.yaml: -------------------------------------------------------------------------------- 1 | title: SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities 2 | link: https://magento.com/security/patches/supee-11086 3 | cve: CVE-2019-7139 4 | branches: 5 | 1.x: 6 | time: 2019-03-26 00:00:00 7 | versions: ['>=1.9.0.0', '<1.14.4.1'] 8 | reference: composer://magento/magento1ee 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /magento/magento1ee/CVE-2019-8152.yaml: -------------------------------------------------------------------------------- 1 | title: 
'PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor' 2 | link: 'https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update' 3 | cve: CVE-2019-8152 4 | branches: 5 | 1: 6 | time: '2019-10-08 00:00:00' 7 | versions: ['>=1', '<1.14.4.3'] 8 | reference: 'composer://magento/magento1ee' 9 | composer-repository: false 10 | -------------------------------------------------------------------------------- /matyhtf/framework/CVE-2021-43676.yaml: -------------------------------------------------------------------------------- 1 | title: Path manipulation 2 | link: https://github.com/advisories/GHSA-mh9j-v6mq-pfch 3 | cve: CVE-2021-43676 4 | reference: composer://matyhtf/framework 5 | branches: 6 | '3.0': 7 | time: 2022-03-17 16:15:10 8 | versions: [ '<3.0.6' ] 9 | -------------------------------------------------------------------------------- /mdanter/ecc/2024-04-24.yaml: -------------------------------------------------------------------------------- 1 | title: Cryptographic side-channels in PHPECC 2 | link: https://github.com/advisories/GHSA-346h-749j-r28w 3 | cve: ~ 4 | branches: 5 | 0.x: 6 | time: 2024-04-24 00:00:00 7 | versions: ['>=0', '<1'] 8 | 1.x: 9 | time: 2024-04-24 00:00:00 10 | versions: ['>=1', '<2.0.0'] 11 | reference: composer://mdanter/ecc 12 | -------------------------------------------------------------------------------- /mediawiki/core/CVE-2018-13258.yaml: -------------------------------------------------------------------------------- 1 | title: 1.31.0 tarball is missing .htaccess files 2 | link: https://phabricator.wikimedia.org/T199029 3 | reference: composer://mediawiki/core 4 | cve: CVE-2018-13258 5 | branches: 6 | 1.31.x: 7 | time: 2018-09-20 19:59:28 8 | versions: ['>=1.31.0', '<1.31.1'] 9 | -------------------------------------------------------------------------------- /mediawiki/core/CVE-2020-10959.yaml: -------------------------------------------------------------------------------- 1 | title: User content can redirect 
the logout button to different URL 2 | link: https://phabricator.wikimedia.org/T232932 3 | reference: composer://mediawiki/core 4 | cve: CVE-2020-10959 5 | branches: 6 | 1.34.x: 7 | time: 2020-03-26 14:02:20 8 | versions: ['>=1.34.0', '<1.34.1'] 9 | -------------------------------------------------------------------------------- /mediawiki/core/CVE-2020-25827.yaml: -------------------------------------------------------------------------------- 1 | title: TOTP throttle not enforced cross-wiki 2 | link: https://phabricator.wikimedia.org/T251661 3 | reference: composer://mediawiki/core 4 | cve: CVE-2020-25827 5 | branches: 6 | 1.31.x: 7 | time: ~ 8 | versions: ['>=1.31.0', '<1.31.9'] 9 | 1.34.x: 10 | time: ~ 11 | versions: ['>=1.34.0', '<1.34.3'] 12 | -------------------------------------------------------------------------------- /mediawiki/semantic-media-wiki/CVE-2022-48614.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-site Scripting in Semantic MediaWiki' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2022-48614' 3 | cve: CVE-2022-48614 4 | branches: 5 | 4.x: 6 | time: 2022-07-21 19:09:00 7 | versions: ['<4.0.2'] 8 | reference: 'composer://mediawiki/semantic-media-wiki' 9 | -------------------------------------------------------------------------------- /microsoft/microsoft-graph-core/CVE-2023-49283.yaml: -------------------------------------------------------------------------------- 1 | title: 'Test code in published microsoft-graph-core package exposes phpinfo()' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-49283' 3 | cve: CVE-2023-49283 4 | branches: 5 | 2.x: 6 | time: 2023-11-30 12:40:00 7 | versions: ['<2.0.2'] 8 | reference: 'composer://microsoft/microsoft-graph-core' 9 | -------------------------------------------------------------------------------- /microweber/microweber/CVE-2023-6566.yaml: -------------------------------------------------------------------------------- 1 | title: 
'Microweber Business Logic Errors' 2 | link: 'https://nvd.nist.gov/vuln/detail/CVE-2023-6566' 3 | cve: CVE-2023-6566 4 | branches: 5 | 2.x: 6 | time: 2023-06-07 15:48:00 7 | versions: ['<2.0.0'] 8 | reference: 'composer://microweber/microweber' 9 | -------------------------------------------------------------------------------- /monolog/monolog/2014-12-29-1.yaml: -------------------------------------------------------------------------------- 1 | title: Header injection in NativeMailerHandler 2 | link: https://github.com/Seldaek/monolog/pull/448#issuecomment-68208704 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2014-12-29 13:23:35 7 | versions: ['>=1.8.0', '<1.12.0'] 8 | reference: composer://monolog/monolog 9 | -------------------------------------------------------------------------------- /mustache/mustache/CVE-2022-0323.yaml: -------------------------------------------------------------------------------- 1 | title: Possible RCE when rendering untrusted user templates 2 | link: https://github.com/bobthecow/mustache.php/releases/tag/v2.14.1 3 | cve: CVE-2022-0323 4 | branches: 5 | 2.x: 6 | time: 2022-01-21 06:21:37 7 | versions: ['>=2.0.0', '<2.14.1'] 8 | reference: composer://mustache/mustache 9 | -------------------------------------------------------------------------------- /namshi/jose/2015-03-10.yaml: -------------------------------------------------------------------------------- 1 | title: Critical vulnerabilities in JSON Web Token libraries 2 | link: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2015-03-10 07:41:53 7 | versions: [<2.2.0] 8 | reference: composer://namshi/jose 9 | -------------------------------------------------------------------------------- /neos/flow/2012-03-28.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Unserialize Vulnerability in FLOW3 2 | link: https://www.neos.io/blog/flow-sa-2012-001.html 3 
| cve: ~ 4 | branches: 5 | 1.0.x: 6 | time: 2012-03-28 09:32:37 7 | versions: ['>=1.0.0', '<1.0.4'] 8 | reference: composer://neos/flow 9 | -------------------------------------------------------------------------------- /neos/neos/2015-03-28.yaml: -------------------------------------------------------------------------------- 1 | title: Privilege Escalation in TYPO3 Neos 2 | link: https://www.neos.io/blog/neos-sa-2015-001.html 3 | cve: ~ 4 | branches: 5 | 1.1.x: 6 | time: 2015-03-28 18:26:25 7 | versions: ['>=1.1.0', '<1.1.3'] 8 | 1.2.x: 9 | time: 2015-03-28 18:24:29 10 | versions: ['>=1.2.0', '<1.2.3'] 11 | reference: composer://neos/neos 12 | -------------------------------------------------------------------------------- /neos/neos/2015-11-23.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerabilities in Neos 2 | link: https://www.neos.io/blog/neos-sa-2015-002.html 3 | cve: ~ 4 | branches: 5 | 1.2.x: 6 | time: 2015-11-23 21:03:00 7 | versions: ['>=1.2.0', '<1.2.13'] 8 | 2.0.x: 9 | time: 2015-11-23 21:03:00 10 | versions: ['>=2.0.0', '<2.0.4'] 11 | reference: composer://neos/neos 12 | -------------------------------------------------------------------------------- /nitsan/ns-backup/CVE-2025-48201.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2025-007' 3 | cve: CVE-2025-48201 4 | branches: 5 | main: 6 | time: '2025-05-20 10:00:00' 7 | versions: ['<13.0.1'] 8 | reference: 'composer://nitsan/ns-backup' 9 | 10 | -------------------------------------------------------------------------------- /nyholm/psr7/2023-04-17.yaml: -------------------------------------------------------------------------------- 1 | title: Improper Input Validation in headers 2 | link: https://github.com/advisories/GHSA-wjfc-pgfp-pv9c 3 | 
cve: ~ 4 | branches: 5 | master: 6 | time: 2023-04-17 16:00:00 7 | versions: ['<1.6.1'] 8 | 9 | reference: composer://nyholm/psr7 10 | -------------------------------------------------------------------------------- /nystudio107/craft-seomatic/2020-04-28-1.yaml: -------------------------------------------------------------------------------- 1 | title: SSTI Vulnerability 2 | link: https://twitter.com/nystudio107/status/1268736336200171520?lang=en 3 | branches: 4 | 3.x: 5 | time: 2020-04-28 18:08:00 6 | versions: ['<3.3.0'] 7 | reference: composer://nystudio107/craft-seomatic 8 | -------------------------------------------------------------------------------- /onelogin/php-saml/2017-02-28.yaml: -------------------------------------------------------------------------------- 1 | title: An error during signature verification can be treated as a successful verification. 2 | link: https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1 3 | cve: ~ 4 | branches: 5 | "2.x": 6 | time: 2017-02-28 15:37:00 7 | versions: [<2.10.4] 8 | reference: composer://onelogin/php-saml 9 | -------------------------------------------------------------------------------- /openid/php-openid/CVE-2013-4701.yaml: -------------------------------------------------------------------------------- 1 | title: XML External Entity (XXE) issue 2 | link: https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9 3 | cve: CVE-2013-4701 4 | branches: 5 | 2.x: 6 | time: 2013-08-12 01:41:28 7 | versions: ['<2.3.0'] 8 | reference: composer://openid/php-openid 9 | -------------------------------------------------------------------------------- /oro/crm/2015-07-08.yaml: -------------------------------------------------------------------------------- 1 | title: Forced Redirect to External Website 2 | link: https://www.orocrm.com/blog/news/orocrm-security-announcement 3 | cve: ~ 4 | branches: 5 | "1.7": 6 | time: 2015-07-08 13:51:00 7 | versions: ['>=1.7.0', 
'<1.7.4'] 8 | reference: composer://oro/crm 9 | -------------------------------------------------------------------------------- /oro/platform/2015-07-08.yaml: -------------------------------------------------------------------------------- 1 | title: Forced Redirect to External Website 2 | link: https://www.orocrm.com/blog/news/orocrm-security-announcement 3 | cve: ~ 4 | branches: 5 | "1.7": 6 | time: 2015-07-08 13:47:00 7 | versions: ['>=1.7.0', '<1.7.4'] 8 | reference: composer://oro/platform 9 | -------------------------------------------------------------------------------- /padraic/humbug_get_contents/CVE-2016-5385.yaml: -------------------------------------------------------------------------------- 1 | title: HTTP Proxy header vulnerability 2 | link: https://github.com/humbug/file_get_contents/releases/tag/1.1.2 3 | cve: CVE-2016-5385 4 | branches: 5 | master: 6 | time: 2018-02-12 19:47:17 7 | versions: ['<1.1.2'] 8 | reference: composer://padraic/humbug_get_contents 9 | -------------------------------------------------------------------------------- /pagarme/pagarme-php/2017-11-20.yaml: -------------------------------------------------------------------------------- 1 | title: Padding Oracle Vulnerability in RSA Encryption 2 | link: https://github.com/pagarme/pagarme-php/issues/29 3 | cve: ~ 4 | branches: 5 | 2.x: 6 | time: ~ 7 | versions: ['>=0.0.0', '<3.0.0'] 8 | reference: composer://pagarme/pagarme-php 9 | -------------------------------------------------------------------------------- /paragonie/ecc/CVE-2024-33851.yaml: -------------------------------------------------------------------------------- 1 | title: mdanter/ecc affected by timing vulnerability in cryptographic side-channels 2 | link: https://github.com/advisories/GHSA-3494-cfwf-56hw 3 | cve: CVE-2024-33851 4 | branches: 5 | 2.x: 6 | time: 2024-04-24 12:02:00 7 | versions: ['>=2', '<2.0.1'] 8 | reference: composer://paragonie/ecc 9 | 
-------------------------------------------------------------------------------- /paragonie/random_compat/2016-03-16.yaml: -------------------------------------------------------------------------------- 1 | title: Uses insecure CSPRNG (openssl_random_pseudo_bytes()) 2 | link: https://github.com/paragonie/random_compat/issues/96 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2016-03-16 00:00:00 7 | versions: ['<2.0'] 8 | reference: composer://paragonie/random_compat 9 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-02-11-1.yaml: -------------------------------------------------------------------------------- 1 | title: Remote code execution 2 | link: https://www.passbolt.com/incidents/20190211_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: 2019-02-12 12:00:00 7 | versions: ['<2.7.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-02-11-2.yaml: -------------------------------------------------------------------------------- 1 | title: Retrieval of HTTP-only cookies 2 | link: https://www.passbolt.com/incidents/20190211_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: 2019-02-12 12:00:00 7 | versions: ['<2.7.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-02-11-3.yaml: -------------------------------------------------------------------------------- 1 | title: E-mail HTML injection 2 | link: https://www.passbolt.com/incidents/20190211_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: 2019-02-12 12:00:00 7 | versions: ['<2.7.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-08-07-1.yaml: 
-------------------------------------------------------------------------------- 1 | title: Stored XSS on first/last name during setup 2 | link: https://www.passbolt.com/incidents/20190807_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: ~ 7 | versions: ['<2.11.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-08-07-2.yaml: -------------------------------------------------------------------------------- 1 | title: Stored XSS in tags autocomplete dropdown 2 | link: https://www.passbolt.com/incidents/20190807_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: ~ 7 | versions: ['<2.11.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/2019-08-07-3.yaml: -------------------------------------------------------------------------------- 1 | title: Tabnabbing when opening URI with menu "Open URI in a new tab" 2 | link: https://www.passbolt.com/incidents/20190807_multiple_vulnerabilities 3 | reference: composer://passbolt/passbolt_api 4 | branches: 5 | master: 6 | time: ~ 7 | versions: ['<2.11.0'] 8 | -------------------------------------------------------------------------------- /passbolt/passbolt_api/CVE-2017-1000442.yaml: -------------------------------------------------------------------------------- 1 | title: XSS in the url field on the password workspace grid and sidebar 2 | link: https://www.passbolt.com/incidents/20170914_xss_on_resource_urls 3 | cve: CVE-2017-1000442 4 | reference: composer://passbolt/passbolt_api 5 | branches: 6 | master: 7 | time: 2017-09-14 14:30:00 8 | versions: ['<1.6.5'] 9 | -------------------------------------------------------------------------------- /pear/archive_tar/CVE-2018-1000888.yaml: -------------------------------------------------------------------------------- 1 | title: Potential RCE 
if filename starts with phar:// 2 | link: https://pear.php.net/bugs/bug.php?id=23782 3 | cve: CVE-2018-1000888 4 | branches: 5 | 1.x: 6 | time: 2018-12-20 19:11:37 7 | versions: ['<1.4.4'] 8 | reference: composer://pear/archive_tar 9 | -------------------------------------------------------------------------------- /pear/archive_tar/CVE-2020-28949.yaml: -------------------------------------------------------------------------------- 1 | title: Potential file overwrite if archive filename starts with file:// 2 | link: https://github.com/pear/Archive_Tar/issues/33 3 | cve: CVE-2020-28949 4 | branches: 5 | 1.x: 6 | time: 2020-11-20 00:00:00 7 | versions: ['<1.4.11'] 8 | reference: composer://pear/archive_tar 9 | -------------------------------------------------------------------------------- /pear/archive_tar/CVE-2020-36193.yaml: -------------------------------------------------------------------------------- 1 | title: Allows write operations with Directory Traversal due to inadequate checking of symbolic links 2 | link: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 3 | cve: CVE-2020-36193 4 | branches: 5 | 1.x: 6 | time: 2021-01-18 00:00:00 7 | versions: ['<1.4.12'] 8 | reference: composer://pear/archive_tar 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2015-8476.yaml: -------------------------------------------------------------------------------- 1 | title: Multiple CRLF injection vulnerabilities 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.14 3 | cve: CVE-2015-8476 4 | branches: 5 | 5.x: 6 | time: 2015-11-01 10:15:00 7 | versions: ['>=5.0.0', '<5.2.14'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2016-10033.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution 2 | 
link: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 3 | cve: CVE-2016-10033 4 | branches: 5 | 5.x: 6 | time: 2016-12-23 23:40:00 7 | versions: ['>=5.0.0', '<5.2.18'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2016-10045.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20 3 | cve: CVE-2016-10045 4 | branches: 5 | 5.x: 6 | time: 2016-12-28 12:28:04 7 | versions: ['>=5.0.0', '<5.2.20'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2017-11503.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in code example 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24 3 | cve: CVE-2017-11503 4 | branches: 5 | 5.x: 6 | time: 2017-07-26 18:02:31 7 | versions: ['>=5.0.0', '<5.2.24'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2017-5223.yaml: -------------------------------------------------------------------------------- 1 | title: Local File Disclosure 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22 3 | cve: CVE-2017-5223 4 | branches: 5 | 5.x: 6 | time: 2016-01-06 21:35:04 7 | versions: ['>=5.0.0', '<5.2.22'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2020-36326.yaml: -------------------------------------------------------------------------------- 1 | title: Object injection via local phar file 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.4.1 3 | cve: CVE-2020-36326 4 
| branches: 5 | 6.x: 6 | time: 2021-04-29 12:16:00 7 | versions: ['>=6.1.8', '<6.4.1'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2021-34551.yaml: -------------------------------------------------------------------------------- 1 | title: RCE affecting Windows hosts via UNC paths to translation files 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0 3 | cve: CVE-2021-34551 4 | branches: 5 | 6.x: 6 | time: 2021-06-16 16:20:00 7 | versions: ['<6.5.0'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpmailer/phpmailer/CVE-2021-3603.yaml: -------------------------------------------------------------------------------- 1 | title: Untrusted code may be run from an overridden address validator 2 | link: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0 3 | cve: CVE-2021-3603 4 | branches: 5 | 6.x: 6 | time: 2021-06-16 16:20:00 7 | versions: ['<6.5.0'] 8 | reference: composer://phpmailer/phpmailer 9 | -------------------------------------------------------------------------------- /phpoffice/phpexcel/CVE-2015-3542.yaml: -------------------------------------------------------------------------------- 1 | title: XXE Vulnerability 2 | link: https://github.com/PHPOffice/PHPExcel/commit/0ab614fd952f82f9b7a9280731daa2300e6b000c 3 | cve: CVE-2015-3542 4 | branches: 5 | '1.8': 6 | time: 2015-04-29 00:43:04 7 | versions: ['<1.8.1'] 8 | reference: composer://phpoffice/phpexcel 9 | -------------------------------------------------------------------------------- /phpoffice/phpexcel/CVE-2018-19277.yaml: -------------------------------------------------------------------------------- 1 | title: XXE Vulnerability 2 | link: https://github.com/PHPOffice/PhpSpreadsheet/issues/771 3 | cve: CVE-2018-19277 4 | branches: 5 | master: 6 | time: 2018-11-22 23:07:00 7 | 
versions: ['<1.8.0'] 8 | reference: composer://phpoffice/phpexcel 9 | -------------------------------------------------------------------------------- /phpoffice/phpspreadsheet/CVE-2018-19277.yaml: -------------------------------------------------------------------------------- 1 | title: XXE Vulnerability 2 | link: https://github.com/PHPOffice/PhpSpreadsheet/issues/771 3 | cve: CVE-2018-19277 4 | branches: 5 | master: 6 | time: 2018-11-20 19:50:00 7 | versions: ['<=1.5.0'] 8 | reference: composer://phpoffice/phpspreadsheet 9 | -------------------------------------------------------------------------------- /phpoffice/phpspreadsheet/CVE-2019-12331.yaml: -------------------------------------------------------------------------------- 1 | title: XXE Vulnerability 2 | link: https://github.com/PHPOffice/PhpSpreadsheet/pull/1041 3 | cve: CVE-2019-12331 4 | branches: 5 | master: 6 | time: 2019-07-01 12:55:00 7 | versions: ['<1.8.0'] 8 | reference: composer://phpoffice/phpspreadsheet 9 | -------------------------------------------------------------------------------- /phpoffice/phpspreadsheet/CVE-2020-7776.yaml: -------------------------------------------------------------------------------- 1 | title: XSS Vulnerability in HTML Writer 2 | link: https://github.com/PHPOffice/PhpSpreadsheet/pull/1719 3 | cve: CVE-2020-7776 4 | branches: 5 | master: 6 | time: 2020-12-31 19:20:00 7 | versions: ['<1.16.0'] 8 | reference: composer://phpoffice/phpspreadsheet 9 | -------------------------------------------------------------------------------- /phpseclib/phpseclib/CVE-2023-27560.yaml: -------------------------------------------------------------------------------- 1 | title: Infinite Loop vulnerability 2 | link: https://github.com/advisories/GHSA-hm7p-r324-hhf3 3 | cve: CVE-2023-27560 4 | branches: 5 | "3.0": 6 | time: 2023-03-06 09:20:00 7 | versions: ['>=3.0.0', '<3.0.19'] 8 | reference: composer://phpseclib/phpseclib 9 | 
-------------------------------------------------------------------------------- /phpseclib/phpseclib/CVE-2023-49316.yaml: -------------------------------------------------------------------------------- 1 | title: phpseclib vulnerable to denial of service 2 | link: https://github.com/advisories/GHSA-jpr7-q523-hx25 3 | cve: CVE-2023-49316 4 | branches: 5 | "3.0": 6 | time: 2023-11-27 18:31:14 7 | versions: ['>=3.0.0', '<3.0.34'] 8 | reference: composer://phpseclib/phpseclib 9 | -------------------------------------------------------------------------------- /phpunit/phpunit/CVE-2017-9841.yaml: -------------------------------------------------------------------------------- 1 | title: RCE vulnerability in phpunit 2 | link: https://nvd.nist.gov/vuln/detail/CVE-2017-9841 3 | cve: CVE-2017-9841 4 | branches: 5 | 5.x: 6 | time: 2016-11-13 17:52:50 7 | versions: ['>=5.0.10', '<5.6.3'] 8 | 4.x: 9 | time: 2016-11-13 17:52:50 10 | versions: ['>=4.8.19', '<4.8.28'] 11 | reference: composer://phpunit/phpunit 12 | -------------------------------------------------------------------------------- /phpwhois/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.2.5'] 8 | reference: composer://phpwhois/phpwhois -------------------------------------------------------------------------------- /phpxmlrpc/extras/2017-10-29.yaml: -------------------------------------------------------------------------------- 1 | title: XSS in class documenting_xmlrpc_server 2 | link: https://github.com/gggeek/phpxmlrpc-extras/releases/tag/0.6.1 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2017-10-29 12:24:59 7 | versions: [<0.6.1] 8 | reference: composer://phpxmlrpc/extras 9 | 
-------------------------------------------------------------------------------- /phpxmlrpc/phpxmlrpc/2022-11-28-1.yaml: -------------------------------------------------------------------------------- 1 | title: local file access in `Client:send` via manipulation of `$protocol` argument 2 | link: https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.0 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2012-11-28 10:04:37 7 | versions: [<4.9.0] 8 | reference: composer://phpxmlrpc/phpxmlrpc 9 | -------------------------------------------------------------------------------- /phpxmlrpc/phpxmlrpc/2022-11-28-2.yaml: -------------------------------------------------------------------------------- 1 | title: code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument 2 | link: https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.0 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2012-11-28 10:04:37 7 | versions: [<4.9.0] 8 | reference: composer://phpxmlrpc/phpxmlrpc 9 | -------------------------------------------------------------------------------- /propel/propel/2018-02-14.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection possible with limit() on MySQL 2 | link: https://github.com/propelorm/Propel2/issues/1463 3 | cve: ~ 4 | branches: 5 | "2.0": 6 | time: 2018-02-19 13:04:00 7 | versions: ['>=2.0.0-alpha1', '<=2.0.0-alpha7'] 8 | reference: composer://propel/propel 9 | -------------------------------------------------------------------------------- /propel/propel1/2018-02-14.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection possible with limit() on MySQL 2 | link: https://github.com/propelorm/Propel/issues/1052 3 | cve: ~ 4 | branches: 5 | "1.0": 6 | time: 2018-02-16 13:38:00 7 | versions: ['>=1', '<=1.7.1'] 8 | reference: composer://propel/propel1 9 | 
-------------------------------------------------------------------------------- /pusher/pusher-php-server/2015-05-13.yaml: -------------------------------------------------------------------------------- 1 | title: Exploit in the private channel authentication 2 | link: https://blog.pusher.com/update-on-security/ 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2015-05-13 10:53:19 7 | versions: [<2.2.1] 8 | reference: composer://pusher/pusher-php-server 9 | -------------------------------------------------------------------------------- /react/http/CVE-2022-36032.yaml: -------------------------------------------------------------------------------- 1 | title: "ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent" 2 | link: https://github.com/advisories/GHSA-w3w9-vrf5-8mx8 3 | cve: CVE-2022-36032 4 | branches: 5 | 1.x: 6 | time: 2022-08-20 11:11:00 7 | versions: ['>=0.7.0', '<1.7.0'] 8 | reference: composer://react/http 9 | -------------------------------------------------------------------------------- /react/http/CVE-2023-26044.yaml: -------------------------------------------------------------------------------- 1 | title: "ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits" 2 | link: https://github.com/advisories/GHSA-95x4-j7vc-h8mf 3 | cve: CVE-2023-26044 4 | branches: 5 | 1.x: 6 | time: 2023-02-27 15:05:00 7 | versions: ['>=0.8.0', '<1.9.0'] 8 | reference: composer://react/http 9 | -------------------------------------------------------------------------------- /rmccue/requests/CVE-2021-29476.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Deserialization of untrusted data 2 | link: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 3 | cve: CVE-2021-29476 4 | reference: composer://rmccue/requests 5 | branches: 6 | 1.x: 7 | time: 2020-11-03 08:51:20 8 | versions: ['>=1.6.0', '<1.8.0'] 9 
| -------------------------------------------------------------------------------- /rudloff/alltube/CVE-2022-0692.yaml: -------------------------------------------------------------------------------- 1 | title: URL Redirection to Untrusted Site ('Open Redirect') 2 | link: https://github.com/Rudloff/alltube/security/advisories/GHSA-jmhf-9fj8-88gh 3 | cve: CVE-2022-0692 4 | reference: composer://rudloff/alltube 5 | branches: 6 | master: 7 | time: 2022-02-20 13:28:57 8 | versions: [ '<3.0.1' ] 9 | -------------------------------------------------------------------------------- /rudloff/alltube/CVE-2022-0768.yaml: -------------------------------------------------------------------------------- 1 | title: Server-Side Request Forgery (SSRF) 2 | link: https://github.com/Rudloff/alltube/security/advisories/GHSA-r5hc-wm3g-hjw6 3 | cve: CVE-2022-0768 4 | reference: composer://rudloff/alltube 5 | branches: 6 | master: 7 | time: 2022-02-27 12:30:15 8 | versions: ['<3.0.2'] 9 | -------------------------------------------------------------------------------- /rudloff/alltube/CVE-2022-24739.yaml: -------------------------------------------------------------------------------- 1 | title: Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') 2 | link: https://github.com/Rudloff/alltube/security/advisories/GHSA-75p7-527p-w8wp 3 | cve: CVE-2022-24739 4 | reference: composer://rudloff/alltube 5 | branches: 6 | master: 7 | time: 2022-03-08 09:29:57 8 | versions: [ '<3.0.3' ] 9 | -------------------------------------------------------------------------------- /scheb/two-factor-bundle/2018-07-08.yaml: -------------------------------------------------------------------------------- 1 | title: Vulnerability to bypass two-factor authentication with unverified JWT trusted device token 2 | link: https://github.com/scheb/two-factor-bundle/issues/143 3 | cve: ~ 4 | branches: 5 | "master": 6 | time: 2019-07-08 12:27:02 7 | versions: ['>=3.0.0', '<3.7.0'] 8 | 
reference: composer://scheb/two-factor-bundle 9 | -------------------------------------------------------------------------------- /sensiolabs/connect/2018-06-08-1.yaml: -------------------------------------------------------------------------------- 1 | title: Missing state parameter in OAuth requests leading to CSRF vulnerability 2 | link: https://github.com/sensiolabs/connect/pull/63 3 | cve: ~ 4 | branches: 5 | "master": 6 | time: 2017-05-30 11:55:16 7 | versions: ['<4.2.3'] 8 | reference: composer://sensiolabs/connect 9 | -------------------------------------------------------------------------------- /serluck/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.2.6'] 8 | reference: composer://serluck/phpwhois -------------------------------------------------------------------------------- /shopware/shopware/2018-01-22.yaml: -------------------------------------------------------------------------------- 1 | title: 'Non-Persistent XSS' 2 | link: 'https://community.shopware.com/_detail_2048.html' 3 | branches: 4 | "5.2": 5 | time: 2018-01-22 12:30:00 6 | versions: ['>=5.2.0', '<5.3.0'] 7 | "5.3": 8 | time: 2018-01-22 12:30:00 9 | versions: ['>=5.3.0', '<5.3.7'] 10 | reference: composer://shopware/shopware 11 | -------------------------------------------------------------------------------- /silverstripe/admin/CVE-2021-36150.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting" 2 | link: https://www.silverstripe.org/download/security-releases/CVE-2021-36150 3 | cve: CVE-2021-36150 4 | branches: 5 | 1.0.x: 6 | time: 2021-10-05 05:18:20 7 | versions: 
['>=1.0.0', '<1.8.1'] 8 | reference: composer://silverstripe/admin 9 | -------------------------------------------------------------------------------- /silverstripe/admin/CVE-2022-38146.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38146 3 | cve: CVE-2022-38146 4 | branches: 5 | 1.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=1.0.0', '<1.11.3'] 8 | reference: composer://silverstripe/admin 9 | -------------------------------------------------------------------------------- /silverstripe/admin/SS-2023-001.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2023-001 - XSS vulnerability in underlying TinyMCE library" 2 | link: https://www.silverstripe.org/download/security-releases/SS-2023-001 3 | cve: ~ 4 | branches: 5 | 1.12.x: 6 | time: 2023-04-25 23:32:38 7 | versions: ['>=1.0.0', '<1.12.7'] 8 | reference: composer://silverstripe/admin 9 | -------------------------------------------------------------------------------- /silverstripe/admin/SS-2023-002.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited from TinyMCE" 2 | link: https://www.silverstripe.org/download/security-releases/SS-2023-002 3 | cve: ~ 4 | branches: 5 | 1.13.x: 6 | time: 2023-07-30 23:41:51 7 | versions: ['>=1.0.0', '<1.13.6'] 8 | reference: composer://silverstripe/admin 9 | -------------------------------------------------------------------------------- /silverstripe/assets/CVE-2022-29858.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2022-29858: Unpublished, protected files can be published via shortcode' 2 | link:
https://www.silverstripe.org/download/security-releases/cve-2022-29858 3 | cve: CVE-2022-29858 4 | branches: 5 | 1.0.x: 6 | time: 2022-06-27 05:27:00 7 | versions: ['>=1.0.0', '<1.10.1'] 8 | reference: composer://silverstripe/assets 9 | -------------------------------------------------------------------------------- /silverstripe/assets/CVE-2022-38147.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38147 - XSS via uploaded gpx file" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38147 3 | cve: CVE-2022-38147 4 | branches: 5 | 1.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=1.0.0', '<1.11.1'] 8 | reference: composer://silverstripe/assets 9 | -------------------------------------------------------------------------------- /silverstripe/assets/CVE-2022-38724.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38724 - XSS in shortcodes" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38724 3 | cve: CVE-2022-38724 4 | branches: 5 | 1.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=1.0.0', '<1.11.1'] 8 | reference: composer://silverstripe/assets 9 | -------------------------------------------------------------------------------- /silverstripe/cms/CVE-2022-37421.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-37421 - Stored XSS in custom meta tags" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-37421 3 | cve: CVE-2022-37421 4 | branches: 5 | 4.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=4.0.0', '<4.11.3'] 8 | reference: composer://silverstripe/cms 9 | -------------------------------------------------------------------------------- /silverstripe/cms/SS-2015-003-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-003: History XSS 
Vulnerability" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-003/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-02-12 15:55:00 7 | versions: ['>=3.1.0', '<=3.1.9'] 8 | reference: composer://silverstripe/cms 9 | -------------------------------------------------------------------------------- /silverstripe/cms/SS-2015-005-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-005: VirtualPage XSS" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-005/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-02-12 15:55:00 7 | versions: ['>=3.1.0', '<=3.1.9'] 8 | reference: composer://silverstripe/cms 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2020-9311.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2020-9311: Malicious user profile information can cause login form XSS' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2020-9311/ 3 | cve: CVE-2020-9311 4 | branches: 5 | 3.0.x: 6 | time: 2020-07-14 13:26:40 7 | versions: ['>=3.0.0', '<3.7.5'] 8 | 9 | reference: composer://silverstripe/framework 10 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2021-25817.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2021-25817 XXE: Vulnerability in CSSContentParser' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2021-25817 3 | cve: CVE-2021-25817 4 | branches: 5 | 4.0.x: 6 | time: 2021-06-07 22:31:00 7 | versions: ['>=4.0.0', '<4.7.4'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2021-41559.yaml: 
-------------------------------------------------------------------------------- 1 | title: 'CVE-2021-41559: Quadratic blowup in Convert::xml2array()' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2021-41559 3 | cve: CVE-2021-41559 4 | branches: 5 | 4.0.x: 6 | time: 2022-06-27 05:27:00 7 | versions: ['>=4.0.0', '<4.10.9'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-25238.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2022-25238: Stored XSS via HTML fields' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-25238 3 | cve: CVE-2022-25238 4 | branches: 5 | 4.0.x: 6 | time: 2022-06-27 05:27:00 7 | versions: ['>=4.0.0', '<4.10.9'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-28803.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2022-28803: Stored XSS in link tags added via XHR' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-28803 3 | cve: CVE-2022-28803 4 | branches: 5 | 4.0.x: 6 | time: 2022-06-27 05:27:00 7 | versions: ['>=4.0.0', '<4.10.9'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-37429.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-37429 - Stored XSS using HTMLEditor" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-37429 3 | cve: CVE-2022-37429 4 | branches: 5 | 4.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=4.0.0', '<4.11.13'] 8 | reference: composer://silverstripe/framework 9 | 
-------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-37430.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-37430 3 | cve: CVE-2022-37430 4 | branches: 5 | 4.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=4.0.0', '<4.11.13'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-38462.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38462 - Reflected XSS in querystring parameters" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38462 3 | cve: CVE-2022-38462 4 | branches: 5 | 4.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=4.0.0', '<4.11.13'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2022-38724.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38724 - XSS in shortcodes" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38724 3 | cve: CVE-2022-38724 4 | branches: 5 | 4.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=4.0.0', '<4.11.13'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2023-22728.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2023-22728 - Missing permission check in GridFieldPrintButton" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2023-22728 3 | cve: CVE-2023-22728 4 | branches: 5 | 4.12.x: 6 | 
time: 2023-04-25 23:24:46 7 | versions: ['>=4.0.0', '<4.12.5'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2023-22729.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2023-22729 - Open redirect vulnerability on CMSSecurity relogin screen" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2023-22729 3 | cve: CVE-2023-22729 4 | branches: 5 | 4.12.x: 6 | time: 2023-04-25 23:30:41 7 | versions: ['>=4.0.0', '<4.12.5'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2024-32981.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2024-32981 3 | cve: CVE-2024-32981 4 | branches: 5 | 5.2.x: 6 | time: 2024-07-17 00:24:42 7 | versions: ['<5.2.16'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2024-47605.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2024-47605 - XSS via insert media remote file oembed" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2024-47605 3 | cve: CVE-2024-47605 4 | branches: 5 | 5.3.x: 6 | time: 2025-01-14 21:24:19 7 | versions: ['<5.3.8'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2024-53277.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2024-53277 - XSS in form messages" 2 | link: 
https://www.silverstripe.org/download/security-releases/cve-2024-53277 3 | cve: CVE-2024-53277 4 | branches: 5 | 5.3.x: 6 | time: 2025-01-14 21:24:36 7 | versions: ['<5.3.8'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/CVE-2025-30148.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2025-30148 - XSS vulnerability in HTML editor" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2025-30148 3 | cve: CVE-2025-30148 4 | branches: 5 | 5.3.x: 6 | time: 2025-04-10 02:37:11 7 | versions: ['<5.3.23'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2014-017-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2014-017: XML Quadratic Blowup Attack" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2014-08-12 11:50:00 7 | versions: ['>=3.1.0', '<=3.1.11'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-004-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-004/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-02-12 15:55:00 7 | versions: ['>=3.1.0', '<=3.1.9'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-006-1.yaml: -------------------------------------------------------------------------------- 
1 | title: "SS-2015-006: XSS In GridField print" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-006/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-02-12 15:55:00 7 | versions: ['>=3.1.0', '<3.1.10'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-007-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-007: XSS In FormAction" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-007/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-02-12 15:55:00 7 | versions: ['>=3.1.0', '<=3.1.9'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-010-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-010: XSS in Director::force_redirect()" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-03-20 15:07:00 7 | versions: ['>=3.1.0', '<3.1.12'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-013-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-013: X-Forwarded-Host request hostname injection" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-013/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-05-29 12:53:14 +1200 7 | versions: ['>=3.1.0', '<3.1.13'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-015-1.yaml: 
-------------------------------------------------------------------------------- 1 | title: "SS-2015-015: XSS in dev/build returnURL Parameter" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-015/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-09-14 09:17:00 7 | versions: ['>=3.1.0', '<3.1.14'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2015-016-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-016: XSS in install.php" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-016/ 3 | cve: ~ 4 | branches: 5 | 3.1.x: 6 | time: 2015-09-14 10:44:00 7 | versions: ['>=3.1.0', '<3.1.14'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2017-010-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms' 2 | link: https://www.silverstripe.org/download/security-releases/ss-2017-010/ 3 | cve: ~ 4 | branches: 5 | 4.0.x: 6 | time: 2017-12-07 13:46:52 7 | versions: ['>=4.0.0', '<4.0.1'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2024-001.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2024-001 - TinyMCE allows svg files linked in object tags" 2 | link: https://www.silverstripe.org/download/security-releases/ss-2024-001 3 | cve: ~ 4 | branches: 5 | 5.2.x: 6 | time: 2024-07-17 00:24:42 7 | versions: ['<5.2.16'] 8 | reference: composer://silverstripe/framework 9 | 
-------------------------------------------------------------------------------- /silverstripe/framework/SS-2024-002.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message" 2 | link: https://www.silverstripe.org/download/security-releases/ss-2024-002 3 | cve: ~ 4 | branches: 5 | 5.3.x: 6 | time: 2025-01-14 21:23:51 7 | versions: ['<5.3.8'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/framework/SS-2025-001.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2025-001 - User enumeration via timing attack" 2 | link: https://www.silverstripe.org/download/security-releases/ss-2025-001 3 | cve: ~ 4 | branches: 5 | 5.3.x: 6 | time: 2025-04-10 02:37:11 7 | versions: ['<5.3.23'] 8 | reference: composer://silverstripe/framework 9 | -------------------------------------------------------------------------------- /silverstripe/graphql/CVE-2020-6165.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2020-6165: Limited queries break CanViewPermissionChecker' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2020-6165 3 | cve: CVE-2020-6165 4 | branches: 5 | 3.2.x: 6 | time: 2020-07-10 17:54:00 7 | versions: ['>=3.2.0', '<3.2.4'] 8 | reference: composer://silverstripe/graphql 9 | -------------------------------------------------------------------------------- /silverstripe/graphql/CVE-2021-28661.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass" 2 | link: https://www.silverstripe.org/download/security-releases/CVE-2021-28661 3 | cve: CVE-2021-28661 4 | branches: 5 | 3.0.x: 6 | time: 2021-06-07 22:31:00 7 | versions: 
['>=3.0.0', '<3.5.2'] 8 | reference: composer://silverstripe/graphql 9 | -------------------------------------------------------------------------------- /silverstripe/graphql/SS-2018-007-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'SS-2018-007: CSRF vulnerability in graphql' 2 | link: https://www.silverstripe.org/download/security-releases/ss-2018-007/ 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2018-12-10 14:21:08 7 | versions: ['>=2.0.0', '<2.0.3'] 8 | reference: composer://silverstripe/graphql 9 | -------------------------------------------------------------------------------- /silverstripe/reports/CVE-2024-29885.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2024-29885 - Reports are still accessible even when canView is set to false" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2024-29885 3 | cve: CVE-2024-29885 4 | branches: 5 | 5.2.x: 6 | time: 2024-07-17 00:24:42 7 | versions: ['<5.2.3'] 8 | reference: composer://silverstripe/reports 9 | -------------------------------------------------------------------------------- /silverstripe/subsites/CVE-2022-42949.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2022-42949 - Subsite weakens file permissions' 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-42949 3 | cve: CVE-2022-42949 4 | branches: 5 | 2.0.x: 6 | time: 2022-12-18 22:37:00 7 | versions: ['>=2.0.0', '<2.6.1'] 8 | reference: composer://silverstripe/subsites 9 | -------------------------------------------------------------------------------- /silverstripe/subsites/SS-2018-016-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)' 2 | link: https://www.silverstripe.org/download/security-releases/ss-2018-016/ 3 | cve: ~ 4 | branches: 
5 | 2.0.x: 6 | time: 2018-07-25 09:55:14 7 | versions: ['>=2.0.0', '<2.1.1'] 8 | reference: composer://silverstripe/subsites 9 | -------------------------------------------------------------------------------- /silverstripe/userforms/SS-2015-018-1.yaml: -------------------------------------------------------------------------------- 1 | title: "SS-2015-018: File upload exposure on UserForms module" 2 | link: https://www.silverstripe.org/software/download/security-releases/ss-2015-018/ 3 | cve: ~ 4 | branches: 5 | 3.0.x: 6 | time: 2015-08-31 14:32:00 7 | versions: [<3.0.0] 8 | reference: composer://silverstripe/userforms 9 | -------------------------------------------------------------------------------- /silverstripe/versioned-admin/CVE-2022-38145.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2022-38145 - Stored XSS in Compare Mode" 2 | link: https://www.silverstripe.org/download/security-releases/cve-2022-38145 3 | cve: CVE-2022-38145 4 | branches: 5 | 1.0.x: 6 | time: 2021-11-21 00:00:00 7 | versions: ['>=1.0.0', '<1.11.1'] 8 | reference: composer://silverstripe/versioned-admin 9 | -------------------------------------------------------------------------------- /simple-updates/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=1.0.0'] 8 | reference: composer://simple-updates/phpwhois -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp-module-infocard/CVE-2017-12874.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect signature verification 2 | link: https://simplesamlphp.org/security/201612-03 3 | cve: CVE-2017-12874 
4 | branches: 5 | master: 6 | time: 2016-12-03 12:16:03 7 | versions: ['<1.0.1'] 8 | reference: composer://simplesamlphp/simplesamlphp-module-infocard 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/201606-01.yaml: -------------------------------------------------------------------------------- 1 | title: Link injection 2 | link: https://simplesamlphp.org/security/201606-01 3 | branches: 4 | master: 5 | time: 2016-06-06 09:50:45 6 | versions: ['<1.14.4'] 7 | reference: composer://simplesamlphp/simplesamlphp 8 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/2018-12-20.yaml: -------------------------------------------------------------------------------- 1 | title: Credentials exposure in session storage 2 | link: https://simplesamlphp.org/security/201812-01 3 | branches: 4 | 1.16.x: 5 | time: 2018-12-20 16:16:00 6 | versions: ['>=1.16.0', '<1.16.3'] 7 | reference: composer://simplesamlphp/simplesamlphp 8 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/2019-11-19.yaml: -------------------------------------------------------------------------------- 1 | title: Information disclosure 2 | link: https://simplesamlphp.org/security/201911-02 3 | branches: 4 | 1.17.x: 5 | time: ~ 6 | versions: ['>=1.17.0', '<1.17.8'] 7 | reference: composer://simplesamlphp/simplesamlphp 8 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2016-3124.yaml: -------------------------------------------------------------------------------- 1 | title: Information leakage issue in the sanitycheck module 2 | link: https://simplesamlphp.org/security/201603-01 3 | cve: CVE-2016-3124 4 | branches: 5 | master: 6 | time: 2016-03-07 13:04:57 7 | versions: ['<1.14.1'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | 
-------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2016-9955.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect signature verification 2 | link: https://simplesamlphp.org/security/201612-02 3 | cve: CVE-2016-9955 4 | branches: 5 | 1.14.x: 6 | time: 2016-12-03 12:14:51 7 | versions: ['<1.14.11'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12867.yaml: -------------------------------------------------------------------------------- 1 | title: Invalid token creation and validation 2 | link: https://simplesamlphp.org/security/201708-01 3 | cve: CVE-2017-12867 4 | branches: 5 | 1.14.x: 6 | time: 2017-06-28 14:13:10 7 | versions: ['>=1.14.0', '<1.14.15'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12868.yaml: -------------------------------------------------------------------------------- 1 | title: Session fixation and authentication bypass (authcrypt module) 2 | link: https://simplesamlphp.org/security/201705-01 3 | cve: CVE-2017-12868 4 | branches: 5 | 1.14.x: 6 | time: 2017-05-05 10:46:00 7 | versions: ['>=1.14.12', '<1.14.14'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12869.yaml: -------------------------------------------------------------------------------- 1 | title: Authentication context bypass (multiauth module) 2 | link: https://simplesamlphp.org/security/201704-02 3 | cve: CVE-2017-12869 4 | branches: 5 | 1.14.x: 6 | time: 2017-05-05 10:47:00 7 | versions: ['<1.14.14'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | 
-------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12870.yaml: -------------------------------------------------------------------------------- 1 | title: Unauthenticated encryption in CBC mode 2 | link: https://simplesamlphp.org/security/201704-01 3 | cve: CVE-2017-12870 4 | branches: 5 | 1.14.x: 6 | time: 2017-04-26 13:24:00 7 | versions: ['<1.14.13'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12871.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect IV generation for encryption 2 | link: https://simplesamlphp.org/security/201703-02 3 | cve: CVE-2017-12871 4 | branches: 5 | 1.14.x: 6 | time: 2017-03-30 09:51:00 7 | versions: ['>=1.14.0', '<1.14.12'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-12873.yaml: -------------------------------------------------------------------------------- 1 | title: Incorrect persistent NameID generation 2 | link: https://simplesamlphp.org/security/201612-04 3 | cve: CVE-2017-12873 4 | branches: 5 | 1.14.x: 6 | time: 2016-12-12 12:13:00 7 | versions: ['>=1.7.0', '<1.14.11'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2017-18122.yaml: -------------------------------------------------------------------------------- 1 | title: Signature validation bypass (SAML 1.1) 2 | link: https://simplesamlphp.org/security/201710-01 3 | cve: CVE-2017-18122 4 | branches: 5 | 1.14.x: 6 | time: 2017-10-25 10:54:00 7 | versions: ['<1.14.17'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | 
-------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2018-6520.yaml: -------------------------------------------------------------------------------- 1 | title: Open redirection protection bypass 2 | link: https://simplesamlphp.org/security/201801-02 3 | cve: CVE-2018-6520 4 | branches: 5 | 1.15.x: 6 | time: 2018-01-31 10:34:00 7 | versions: ['<1.15.2'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2018-6521.yaml: -------------------------------------------------------------------------------- 1 | title: Use of insecure connection charset (sqlauth module) 2 | link: https://simplesamlphp.org/security/201801-03 3 | cve: CVE-2018-6521 4 | branches: 5 | 1.15.x: 6 | time: 2018-01-31 10:34:00 7 | versions: ['<1.15.2'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /simplesamlphp/simplesamlphp/CVE-2020-5301.yaml: -------------------------------------------------------------------------------- 1 | title: Information disclosure of source code 2 | link: https://simplesamlphp.org/security/202004-01 3 | cve: CVE-2020-5301 4 | branches: 5 | 1.18.x: 6 | time: 2018-04-17 07:15:00 7 | versions: ['<1.18.6'] 8 | reference: composer://simplesamlphp/simplesamlphp 9 | -------------------------------------------------------------------------------- /sitegeist/fluid-components/CVE-2023-28604.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2023-003' 3 | cve: CVE-2023-28604 4 | branches: 5 | main: 6 | time: '2023-03-22 12:31:00' 7 | versions: ['<3.5.0'] 8 | reference: 'composer://sitegeist/fluid-components' 9 | 
-------------------------------------------------------------------------------- /slim/slim/CVE-2015-2171.yaml: -------------------------------------------------------------------------------- 1 | title: PHP object injection attack vulnerability in Slim. 2 | link: https://github.com/slimphp/Slim/issues/1034 3 | cve: CVE-2015-2171 4 | branches: 5 | 2.x: 6 | time: 2015-03-01 09:13:00 7 | versions: ['<2.6.0'] 8 | reference: composer://slim/slim 9 | -------------------------------------------------------------------------------- /smarty/smarty/CVE-2018-13982.yaml: -------------------------------------------------------------------------------- 1 | title: Trusted-Directory Bypass via Path Traversal 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal 3 | cve: CVE-2018-13982 4 | branches: 5 | master: 6 | time: 2018-04-26 19:38:08 7 | versions: ['<3.1.33'] 8 | reference: composer://smarty/smarty -------------------------------------------------------------------------------- /smarty/smarty/CVE-2018-16831.yaml: -------------------------------------------------------------------------------- 1 | title: Trusted-Directory Bypass via Path Traversal 2 | link: https://github.com/smarty-php/smarty/issues/486 3 | cve: CVE-2018-16831 4 | branches: 5 | master: 6 | time: 2018-04-26 19:38:08 7 | versions: ['<3.1.33'] 8 | reference: composer://smarty/smarty 9 | -------------------------------------------------------------------------------- /smarty/smarty/CVE-2021-26119.yaml: -------------------------------------------------------------------------------- 1 | title: template_object Sandbox Escape PHP Code Injection 2 | link: https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html 3 | cve: CVE-2021-26119 4 | branches: 5 | master: 6 | time: 2021-01-24 22:13:26 7 | versions: ['<=3.1.38'] 8 | reference: composer://smarty/smarty 9 | 
-------------------------------------------------------------------------------- /smarty/smarty/CVE-2021-26120.yaml: -------------------------------------------------------------------------------- 1 | title: Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection 2 | link: https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html 3 | cve: CVE-2021-26120 4 | branches: 5 | master: 6 | time: 2021-01-24 22:44:07 7 | versions: ['<=3.1.38'] 8 | reference: composer://smarty/smarty 9 | -------------------------------------------------------------------------------- /socalnick/scn-social-auth/2015-01-15.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in login redirect param 2 | link: https://github.com/socalnick/scnsocialauth/issues/184 3 | branches: 4 | master: 5 | time: 2015-01-16 06:44:44 6 | versions: [<1.15.2] 7 | reference: composer://socalnick/scn-social-auth 8 | -------------------------------------------------------------------------------- /socialiteproviders/steam/2021-01-29.yaml: -------------------------------------------------------------------------------- 1 | title: Authentication bypass via attacker provided openid server 2 | link: https://github.com/SocialiteProviders/Steam/security/advisories/GHSA-hhw9-35p2-q2c5 3 | branches: 4 | "1.0": 5 | time: null 6 | versions: ['<1.1'] 7 | reference: composer://socialiteproviders/steam 8 | -------------------------------------------------------------------------------- /spoonity/tcpdf/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. 
2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<6.2.22'] 8 | reference: composer://spoonity/tcpdf 9 | -------------------------------------------------------------------------------- /squizlabs/php_codesniffer/2017-05-18.yaml: -------------------------------------------------------------------------------- 1 | title: Arbitrary shell execution 2 | link: https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1 3 | cve: ~ 4 | branches: 5 | 3.0.x: 6 | time: 2017-05-18 04:24:49 7 | versions: ['>=3.0.0', '<3.0.1'] 8 | reference: composer://squizlabs/php_codesniffer 9 | -------------------------------------------------------------------------------- /stormpath/sdk/2017-11-20.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Random Number Generator 2 | link: https://github.com/stormpath/stormpath-sdk-php/issues/132 3 | cve: ~ 4 | branches: 5 | 0.x: 6 | time: ~ 7 | versions: ['>=0.0.0', '<9.9.99'] 8 | reference: composer://stormpath/sdk 9 | -------------------------------------------------------------------------------- /studio-42/elfinder/CVE-2019-6257.yaml: -------------------------------------------------------------------------------- 1 | title: Fixed a bypass of the CVE-2019-6257 SSRF fix. 2 | link: https://github.com/Studio-42/elFinder/releases/tag/2.1.49 3 | cve: CVE-2019-6257 4 | branches: 5 | 2.1.x: 6 | time: 2019-04-16 15:19:14 7 | versions: [<2.1.49] 8 | reference: composer://studio-42/elfinder 9 | -------------------------------------------------------------------------------- /studio-42/elfinder/CVE-2019-9194.yaml: -------------------------------------------------------------------------------- 1 | title: elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. 
2 | link: https://github.com/Studio-42/elFinder/releases/tag/2.1.48 3 | cve: CVE-2019-9194 4 | branches: 5 | 2.1.x: 6 | time: 2019-02-26 12:10:32 7 | versions: [<2.1.48] 8 | reference: composer://studio-42/elfinder 9 | -------------------------------------------------------------------------------- /studiomitte/friendlycaptcha/CVE-2024-38873.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2024-004: Broken Access Control in "Integration of Friendly Captcha" (friendlycaptcha_official)' 2 | link: https://typo3.org/security/advisory/typo3-ext-sa-2024-004 3 | cve: CVE-2024-38873 4 | branches: 5 | main: 6 | time: 2024-06-08 09:03:00 7 | versions: ['>=0.0.1', '<0.1.4'] 8 | reference: composer://studiomitte/friendlycaptcha 9 | -------------------------------------------------------------------------------- /sulu/sulu/CVE-2023-39343.yaml: -------------------------------------------------------------------------------- 1 | title: Observable Response Discrepancy on Admin Login 2 | link: https://github.com/sulu/sulu/security/advisories/GHSA-wmwf-49vv-p3mr 3 | cve: CVE-2023-39343 4 | branches: 5 | '2.5': 6 | time: 2023-08-03 06:02:00 7 | versions: ['>=2.5.0', '<2.5.10'] 8 | 9 | reference: composer://sulu/sulu 10 | -------------------------------------------------------------------------------- /symfony/dependency-injection/2012-08-28.yaml: -------------------------------------------------------------------------------- 1 | title: Security fixes related to the way XML is handled 2 | link: https://symfony.com/blog/security-release-symfony-2-0-17-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-08-27 19:17:44 7 | versions: ['>=2.0.0', '<2.0.17'] 8 | reference: composer://symfony/dependency-injection 9 | -------------------------------------------------------------------------------- /symfony/http-foundation/CVE-2012-6431.yaml: -------------------------------------------------------------------------------- 
1 | title: Routes behind a firewall are accessible even when not logged in 2 | link: https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released 3 | cve: CVE-2012-6431 4 | branches: 5 | 2.0.x: 6 | time: 2012-03-19 15:59:52 7 | versions: ['>=2.0.0', '<2.0.19'] 8 | reference: composer://symfony/http-foundation 9 | -------------------------------------------------------------------------------- /symfony/mime/CVE-2019-18888.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser" 2 | link: https://symfony.com/cve-2019-18888 3 | cve: CVE-2019-18888 4 | branches: 5 | 4.3.x: 6 | time: 2019-11-13 08:00:00 7 | versions: ['>=4.3.0', '<4.3.8'] 8 | reference: composer://symfony/mime 9 | -------------------------------------------------------------------------------- /symfony/polyfill-php55/CVE-2013-5958.yaml: -------------------------------------------------------------------------------- 1 | title: Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958) 2 | link: https://github.com/symfony/polyfill/pull/155 3 | cve: CVE-2013-5958 4 | branches: 5 | 1.x: 6 | time: 2018-10-31 12:19:00 7 | versions: ['>=1.0.0', '<1.10.0'] 8 | reference: composer://symfony/polyfill-php55 9 | -------------------------------------------------------------------------------- /symfony/polyfill/CVE-2013-5958.yaml: -------------------------------------------------------------------------------- 1 | title: Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958) 2 | link: https://github.com/symfony/polyfill/pull/155 3 | cve: CVE-2013-5958 4 | branches: 5 | 1.x: 6 | time: 2018-10-31 12:19:00 7 | versions: ['>=1.0.0', '<1.10.0'] 8 | reference: composer://symfony/polyfill 9 | -------------------------------------------------------------------------------- /symfony/routing/2012-08-28.yaml: 
-------------------------------------------------------------------------------- 1 | title: Security fixes related to the way XML is handled 2 | link: https://symfony.com/blog/security-release-symfony-2-0-17-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-08-27 19:17:44 7 | versions: ['>=2.0.0', '<2.0.17'] 8 | reference: composer://symfony/routing 9 | -------------------------------------------------------------------------------- /symfony/routing/CVE-2012-6431.yaml: -------------------------------------------------------------------------------- 1 | title: Routes behind a firewall are accessible even when not logged in 2 | link: https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released 3 | cve: CVE-2012-6431 4 | branches: 5 | 2.0.x: 6 | time: 2012-03-19 15:59:52 7 | versions: ['>=2.0.0', '<2.0.19'] 8 | reference: composer://symfony/routing 9 | -------------------------------------------------------------------------------- /symfony/security-bundle/CVE-2021-41268.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-41268: Remember me cookie persistence after password changes" 2 | link: https://symfony.com/cve-2021-41268 3 | cve: CVE-2021-41268 4 | branches: 5 | 5.3.x: 6 | time: 2021-10-23 11:11:11 7 | versions: ['>=5.3.0', '<5.3.12'] 8 | reference: composer://symfony/security-bundle 9 | -------------------------------------------------------------------------------- /symfony/security-http/CVE-2021-32693.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-32693: Authentication granted to all firewalls instead of just one" 2 | link: https://symfony.com/cve-2021-32693 3 | cve: CVE-2021-32693 4 | branches: 5 | 5.3.x: 6 | time: 2021-06-17 15:00:00 7 | versions: ['>=5.3.0', '<5.3.2'] 8 | reference: composer://symfony/security-http 9 | -------------------------------------------------------------------------------- 
/symfony/security/CVE-2012-6431.yaml: -------------------------------------------------------------------------------- 1 | title: Routes behind a firewall are accessible even when not logged in 2 | link: https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released 3 | cve: CVE-2012-6431 4 | branches: 5 | 2.0.x: 6 | time: 2012-03-19 15:59:52 7 | versions: ['>=2.0.0', '<2.0.19'] 8 | reference: composer://symfony/security 9 | -------------------------------------------------------------------------------- /symfony/security/CVE-2020-5275.yaml: -------------------------------------------------------------------------------- 1 | title: 'CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy' 2 | link: https://symfony.com/cve-2020-5275 3 | cve: CVE-2020-5275 4 | branches: 5 | 4.4.x: 6 | time: 2020-03-30 14:00:00 7 | versions: ['>=4.4.0', '<4.4.7'] 8 | reference: composer://symfony/security 9 | -------------------------------------------------------------------------------- /symfony/serializer/2012-02-24.yaml: -------------------------------------------------------------------------------- 1 | title: XML decoding attack vector through external entities 2 | link: https://symfony.com/blog/security-release-symfony-2-0-11-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-02-24 13:26:13 7 | versions: ['>=2.0.0', '<2.0.11'] 8 | reference: composer://symfony/serializer 9 | -------------------------------------------------------------------------------- /symfony/symfony/2011-11-16.yaml: -------------------------------------------------------------------------------- 1 | title: Vulnerability in the EntityUserProvider as provided in the Doctrine bridge 2 | link: https://symfony.com/blog/security-release-symfony-2-0-6 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-11-08 08:33:49 7 | versions: ['>=2.0.0', '<2.0.6'] 8 | reference: composer://symfony/symfony 9 | 
-------------------------------------------------------------------------------- /symfony/symfony/2012-02-24.yaml: -------------------------------------------------------------------------------- 1 | title: XML decoding attack vector through external entities 2 | link: https://symfony.com/blog/security-release-symfony-2-0-11-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-02-24 13:26:13 7 | versions: ['>=2.0.0', '<2.0.11'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/symfony/2012-08-28.yaml: -------------------------------------------------------------------------------- 1 | title: Security fixes related to the way XML is handled 2 | link: https://symfony.com/blog/security-release-symfony-2-0-17-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-08-27 19:17:44 7 | versions: ['>=2.0.0', '<2.0.17'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/symfony/CVE-2012-6431.yaml: -------------------------------------------------------------------------------- 1 | title: Routes behind a firewall are accessible even when not logged in 2 | link: https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released 3 | cve: CVE-2012-6431 4 | branches: 5 | 2.0.x: 6 | time: 2012-03-19 15:59:52 7 | versions: ['>=2.0.0', '<2.0.19'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/symfony/CVE-2013-1348.yaml: -------------------------------------------------------------------------------- 1 | title: Ability to enable/disable PHP parsing in Yaml::parse() 2 | link: https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released 3 | cve: CVE-2013-1348 4 | branches: 5 | 2.0.x: 6 | time: 2013-01-15 21:16:19 7 | versions: ['>=2.0.0', '<2.0.22'] 8 | reference: composer://symfony/symfony 9 | 
-------------------------------------------------------------------------------- /symfony/symfony/CVE-2021-32693.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-32693: Authentication granted to all firewalls instead of just one" 2 | link: https://symfony.com/cve-2021-32693 3 | cve: CVE-2021-32693 4 | branches: 5 | 5.3.x: 6 | time: 2021-06-17 15:00:00 7 | versions: ['>=5.3.0', '<5.3.2'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/symfony/CVE-2021-41268.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2021-41268: Remember me cookie persistence after password changes" 2 | link: https://symfony.com/cve-2021-41268 3 | cve: CVE-2021-41268 4 | branches: 5 | 5.3.x: 6 | time: 2021-10-23 11:11:11 7 | versions: ['>=5.3.0', '<5.3.12'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/symfony/CVE-2023-46735.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2023-46735: Potential XSS in WebhookController" 2 | link: https://symfony.com/cve-2023-46735 3 | cve: CVE-2023-46735 4 | branches: 5 | 6.3.x: 6 | time: 2023-11-10 08:00:00 7 | versions: ['>=6.3.0', '<6.3.8'] 8 | reference: composer://symfony/symfony 9 | -------------------------------------------------------------------------------- /symfony/translation/2012-08-28.yaml: -------------------------------------------------------------------------------- 1 | title: Security fixes related to the way XML is handled 2 | link: https://symfony.com/blog/security-release-symfony-2-0-17-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-08-27 19:17:44 7 | versions: ['>=2.0.0', '<2.0.17'] 8 | reference: composer://symfony/translation 9 |
-------------------------------------------------------------------------------- /symfony/ux-autocomplete/CVE-2023-41336.yaml: -------------------------------------------------------------------------------- 1 | title: "symfony/ux-autocomplete Prevent injection of invalid entity ids for \"autocomplete\" fields" 2 | link: https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x 3 | cve: CVE-2023-41336 4 | branches: 5 | 2.x: 6 | time: 2023-09-11 12:55:00 7 | versions: ['<2.11.2'] 8 | reference: composer://symfony/ux-autocomplete 9 | -------------------------------------------------------------------------------- /symfony/validator/2012-08-28.yaml: -------------------------------------------------------------------------------- 1 | title: Security fixes related to the way XML is handled 2 | link: https://symfony.com/blog/security-release-symfony-2-0-17-released 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-08-27 19:17:44 7 | versions: ['>=2.0.0', '<2.0.17'] 8 | reference: composer://symfony/validator 9 | -------------------------------------------------------------------------------- /symfony/webhook/CVE-2023-46735.yaml: -------------------------------------------------------------------------------- 1 | title: "CVE-2023-46735: Potential XSS in WebhookController" 2 | link: https://symfony.com/cve-2023-46735 3 | cve: CVE-2023-46735 4 | branches: 5 | 6.3.x: 6 | time: 2023-11-10 08:00:00 7 | versions: ['>=6.3.0', '<6.3.8'] 8 | reference: composer://symfony/webhook 9 | -------------------------------------------------------------------------------- /symfony/yaml/CVE-2013-1348.yaml: -------------------------------------------------------------------------------- 1 | title: Ability to enable/disable PHP parsing in Yaml::parse() 2 | link: https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released 3 | cve: CVE-2013-1348 4 | branches: 5 | 2.0.x: 6 | time: 2013-01-15 21:16:19 7 | versions: ['>=2.0.0', '<2.0.22'] 8 | reference: 
composer://symfony/yaml 9 | -------------------------------------------------------------------------------- /tecnickcom/tcpdf/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. 2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: 2018-09-14 15:26:29 7 | versions: ['<6.2.22'] 8 | reference: composer://tecnickcom/tcpdf 9 | -------------------------------------------------------------------------------- /terminal42/contao-tablelookupwizard/2022-02-04-1.yaml: -------------------------------------------------------------------------------- 1 | title: Possible SQL injection in widget field value 2 | link: https://github.com/terminal42/contao-tablelookupwizard/security/advisories/GHSA-v3mr-gp7j-pw5w 3 | cve: ~ 4 | branches: 5 | master: 6 | time: 2022-02-04 08:13:00 7 | versions: ['>=1.0.0', '<3.3.5'] 8 | reference: composer://terminal42/contao-tablelookupwizard 9 | -------------------------------------------------------------------------------- /thelia/backoffice-default-template/2015-02-24-1.yaml: -------------------------------------------------------------------------------- 1 | title: XSS injection in backoffice 2 | link: https://thelia.net/version-2-1-2-with-security-fix 3 | cve: ~ 4 | branches: 5 | 2.1.x: 6 | time: 2015-02-24 17:46:34 7 | versions: ['>=2.1.0', '<2.1.2'] 8 | reference: composer://thelia/backoffice-default-template 9 | -------------------------------------------------------------------------------- /thelia/thelia/2015-02-24-1.yaml: -------------------------------------------------------------------------------- 1 | title: XSS injection in backoffice 2 | link: https://thelia.net/version-2-1-2-with-security-fix 3 | cve: ~ 4 | branches: 5 | 2.1.x: 6 | time: 2015-02-24 17:46:34 7 | versions: ['>=2.1.0', '<2.1.2'] 8 
| reference: composer://thelia/thelia 9 | -------------------------------------------------------------------------------- /thelia/thelia/2015-04-13-1.yaml: -------------------------------------------------------------------------------- 1 | title: User authentication bypass 2 | link: https://thelia.net/version-2-1-3-with-security-fix 3 | cve: ~ 4 | branches: 5 | 2.1.x: 6 | time: 2015-04-13 12:10:12 7 | versions: ['>=2.1.0-beta1', '<2.1.3'] 8 | reference: composer://thelia/thelia 9 | -------------------------------------------------------------------------------- /theonedemon/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.2.5'] 8 | reference: composer://theonedemon/phpwhois -------------------------------------------------------------------------------- /titon/framework/2017-11-20.yaml: -------------------------------------------------------------------------------- 1 | title: Remote Code Execution via Chosen-Ciphertext Attack 2 | link: https://github.com/titon/framework/issues/93 3 | cve: ~ 4 | branches: 5 | 0.x: 6 | time: ~ 7 | versions: ['>=0.0.0', '<9.9.99'] 8 | reference: composer://titon/framework 9 | -------------------------------------------------------------------------------- /truckersmp/phpwhois/CVE-2015-5243.yaml: -------------------------------------------------------------------------------- 1 | title: PHP Code Injection 2 | link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180425-01_phpWhois_Code_Execution 3 | cve: CVE-2015-5243 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<=4.3.1'] 8 | reference: composer://truckersmp/phpwhois -------------------------------------------------------------------------------- 
/twig/twig/2013-04-08.yaml: -------------------------------------------------------------------------------- 1 | title: Vulnerability in the filesystem loader 2 | link: http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2013-04-08 13:16:10 7 | versions: ['>=1.0.0', '<1.12.3'] 8 | reference: composer://twig/twig 9 | -------------------------------------------------------------------------------- /twig/twig/CVE-2015-7809.yaml: -------------------------------------------------------------------------------- 1 | title: Remote code execution in templates 2 | link: https://symfony.com/blog/security-release-twig-1-20-0 3 | cve: CVE-2015-7809 4 | branches: 5 | 1.x: 6 | time: 2015-08-12 15:53:50 7 | versions: [<1.20.0] 8 | reference: composer://twig/twig 9 | -------------------------------------------------------------------------------- /twig/twig/CVE-2025-24374.yaml: -------------------------------------------------------------------------------- 1 | title: Missing output escaping for the null coalesce operator 2 | link: https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator 3 | cve: CVE-2025-24374 4 | branches: 5 | 3.x: 6 | time: 2025-01-29 06:52:00 7 | versions: ['>=3.16.0', '<3.19.0'] 8 | reference: composer://twig/twig 9 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-07-12-1.yaml: -------------------------------------------------------------------------------- 1 | title: Authentication Bypass in TYPO3 CMS 2 | link: https://typo3.org/security/advisory/typo3-core-sa-2018-001 3 | branches: 4 | 8.x: 5 | time: 2018-07-12 09:34:56 6 | versions: ['>=8.0.0', '<8.7.17'] 7 | 9.x: 8 | time: 2018-07-12 09:34:56 9 | versions: ['>=9.0.0', '<9.3.2'] 10 | reference: composer://typo3/cms-core 11 | -------------------------------------------------------------------------------- 
/typo3/cms-core/2018-07-12-4.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Deserialization in TYPO3 CMS 2 | link: https://typo3.org/security/advisory/typo3-core-sa-2018-004 3 | branches: 4 | 8.x: 5 | time: 2018-07-12 09:34:56 6 | versions: ['>=8.5.0', '<8.7.17'] 7 | 9.x: 8 | time: 2018-07-12 09:34:56 9 | versions: ['>=9.0.0', '<9.3.2'] 10 | reference: composer://typo3/cms-core 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-2.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Backend Modal Component' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-007' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:12' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | 9.x: 8 | time: '2018-12-11 09:57:07' 9 | versions: ['>=9.0.0', '<9.5.2'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-3.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Frontend User Login' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-008' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:19' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | 9.x: 8 | time: '2018-12-11 09:57:13' 9 | versions: ['>=9.0.0', '<9.5.2'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-4.yaml: -------------------------------------------------------------------------------- 1 | title: 'Security Misconfiguration in Install Tool Cookie' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-009' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:26' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | 9.x: 8 | time: '2018-12-11 09:57:20' 
9 | versions: ['>=9.0.0', '<9.5.2'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-5.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in Install Tool' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-010' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:32' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | 9.x: 8 | time: '2018-12-11 09:57:26' 9 | versions: ['>=9.0.0', '<9.5.2'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-6.yaml: -------------------------------------------------------------------------------- 1 | title: 'Denial of Service in Online Media Asset Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-011' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:38' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | 9.x: 8 | time: '2018-12-11 09:57:33' 9 | versions: ['>=9.0.0', '<9.5.2'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2018-12-11-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Denial of Service in Frontend Record Registration' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-012' 3 | branches: 4 | 8.x: 5 | time: '2018-12-11 09:56:45' 6 | versions: ['>=8.0.0', '<8.7.21'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure of Installed Extensions' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-001' 3 | branches: 4 | 8.x: 5 | 
time: '2019-01-22 08:41:04' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:41:55' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-3.yaml: -------------------------------------------------------------------------------- 1 | title: 'Broken Access Control in Localization Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-003' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:19' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-4.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Fluid ViewHelpers' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-005' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:26' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:16' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-6.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Form Framework' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-007' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:41' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:34' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Arbitrary Code Execution via File List Module' 2 | 
link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-008' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:47' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:42' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-01-22-8.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Language Pack Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-004' 3 | branches: 4 | 9.x: 5 | time: '2019-01-22 08:42:09' 6 | versions: ['>=9.0.0', '<9.5.4'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-05-07-4.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in Page Tree' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-009' 3 | branches: 4 | 9.x: 5 | time: '2019-05-07 09:42:43' 6 | versions: ['>=9.0.0', '<9.5.6'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-05-07-5.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in User Authentication' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-010' 3 | branches: 4 | 9.x: 5 | time: '2019-05-07 09:43:01' 6 | versions: ['>=9.0.0', '<9.5.6'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-06-25-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in Backend User Interface' 2 | link: 
'https://typo3.org/security/advisory/typo3-core-sa-2019-014' 3 | branches: 4 | 8.x: 5 | time: '2019-06-25 06:38:40' 6 | versions: ['>=8.0.0', '<8.7.27'] 7 | 9.x: 8 | time: '2019-06-25 06:39:42' 9 | versions: ['>=9.0.0', '<9.5.8'] 10 | reference: 'composer://typo3/cms-core' 11 | -------------------------------------------------------------------------------- /typo3/cms-core/2019-06-25-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Broken Access Control in Import Module' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-017' 3 | branches: 4 | 9.x: 5 | time: '2019-06-25 06:40:18' 6 | versions: ['>=9.0.0', '<9.5.8'] 7 | reference: 'composer://typo3/cms-core' 8 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2019-10912.yaml: -------------------------------------------------------------------------------- 1 | title: 'Possible deserialization side-effects in symfony/cache' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-016' 3 | cve: CVE-2019-10912 4 | branches: 5 | 9.x: 6 | time: '2019-06-25 06:40:06' 7 | versions: ['>=9.0.0', '<9.5.8'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2020-11063.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2020-001' 3 | cve: CVE-2020-11063 4 | branches: 5 | 10.x: 6 | time: '2020-05-12 09:21:43' 7 | versions: ['>=10.0.0', '<10.4.2'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2020-26229.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2020-012: XML External 
Entity in Dashboard Widget' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2020-012' 3 | cve: CVE-2020-26229 4 | branches: 5 | 10.x: 6 | time: '2020-11-17 08:51:21' 7 | versions: ['>=10.0.0', '<10.4.10'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2021-41113.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-014' 3 | cve: CVE-2021-41113 4 | branches: 5 | 11.x: 6 | time: '2021-10-05 11:02:10' 7 | versions: ['>=11.2.0', '<11.5.0'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2021-41114.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-015' 3 | cve: CVE-2021-41114 4 | branches: 5 | 11.x: 6 | time: '2021-10-05 11:02:47' 7 | versions: ['>=11.0.0', '<11.5.0'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms-core/CVE-2022-36104.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-006' 3 | cve: CVE-2022-36104 4 | branches: 5 | 11.x: 6 | time: '2022-09-13 08:07:10' 7 | versions: ['>=11.0.0', '<11.5.16'] 8 | reference: 'composer://typo3/cms-core' 9 | -------------------------------------------------------------------------------- /typo3/cms/2014-05-22-1.yaml: 
-------------------------------------------------------------------------------- 1 | title: The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ 3 | branches: 4 | 6.2.x: 5 | time: 2014-05-22 07:34:03 6 | versions: ['>=6.2.0', '<6.2.3'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2014-10-22-2.yaml: -------------------------------------------------------------------------------- 1 | title: Arbitrary Shell Execution in Swiftmailer library 2 | link: https://typo3.org/security/advisory/typo3-core-sa-2014-002 3 | branches: 4 | 6.2.x: 5 | time: 2014-10-22 09:14:25 6 | versions: ['>=6.2.0', '<6.2.6'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2015-12-15-4.yaml: -------------------------------------------------------------------------------- 1 | title: "TYPO3 is susceptible to Cross-Site Flashing" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/ 3 | branches: 4 | 6.2.x: 5 | time: 2015-12-15 11:38:00 6 | versions: ['>=6.2.0', '<6.2.16'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2015-12-15-5.yaml: -------------------------------------------------------------------------------- 1 | title: "Cross-Site Scripting in TYPO3 component Indexed Search" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/ 3 | branches: 4 | 6.2.x: 5 | time: 2015-12-15 11:38:00 6 | versions: ['>=6.2.0', '<6.2.16'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2016-02-16-1.yaml: 
-------------------------------------------------------------------------------- 1 | title: "SQL Injection in dbal" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-016/ 3 | branches: 4 | 6.2.x: 5 | time: 2016-02-16 12:32:00 6 | versions: ['>=6.2.0', '<6.2.18'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2016-02-16-3.yaml: -------------------------------------------------------------------------------- 1 | title: "Cross-Site Scripting in legacy form component" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-003/ 3 | branches: 4 | 6.2.x: 5 | time: 2016-02-16 12:32:00 6 | versions: ['>=6.2.0', '<6.2.18'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2016-02-16-4.yaml: -------------------------------------------------------------------------------- 1 | title: "Cross-Site Scripting in form component" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-004/ 3 | branches: 4 | 6.2.x: 5 | time: 2016-02-16 12:32:00 6 | versions: ['>=6.2.0', '<6.2.18'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2016-02-23-2.yaml: -------------------------------------------------------------------------------- 1 | title: "Cross-Site Scripting in TYPO3 component Backend" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/ 3 | branches: 4 | 6.2.x: 5 | time: 2016-02-23 12:28:00 6 | versions: ['>=6.2.0', '<6.2.19'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2016-04-12-2.yaml: -------------------------------------------------------------------------------- 1 | title: "Arbitrary File 
Disclosure in Form Component" 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-010/ 3 | branches: 4 | 6.2.x: 5 | time: 2016-04-12 12:07:00 6 | versions: ['>=6.2.0', '<6.2.20'] 7 | reference: composer://typo3/cms 8 | -------------------------------------------------------------------------------- /typo3/cms/2018-07-12-3.yaml: -------------------------------------------------------------------------------- 1 | title: Privilege Escalation & SQL Injection in TYPO3 CMS 2 | link: https://typo3.org/security/advisory/typo3-core-sa-2018-003 3 | branches: 4 | 8.x: 5 | time: 2018-07-12 09:34:56 6 | versions: ['>=8.5.0', '<8.7.17'] 7 | 9.x: 8 | time: 2018-07-12 09:34:56 9 | versions: ['>=9.0.0', '<9.3.2'] 10 | reference: composer://typo3/cms 11 | -------------------------------------------------------------------------------- /typo3/cms/2018-07-12-4.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Deserialization in TYPO3 CMS 2 | link: https://typo3.org/security/advisory/typo3-core-sa-2018-004 3 | branches: 4 | 8.x: 5 | time: 2018-07-12 09:34:56 6 | versions: ['>=8.5.0', '<8.7.17'] 7 | 9.x: 8 | time: 2018-07-12 09:34:56 9 | versions: ['>=9.0.0', '<9.3.2'] 10 | reference: composer://typo3/cms 11 | -------------------------------------------------------------------------------- /typo3/cms/2018-12-11-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Denial of Service in Frontend Record Registration' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2018-012' 3 | branches: 4 | 7.x: 5 | time: '2018-12-11 09:55:44' 6 | versions: ['>=7.0.0', '<7.6.32'] 7 | 8.x: 8 | time: '2018-12-11 09:56:45' 9 | versions: ['>=8.0.0', '<8.7.21'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-1.yaml: 
-------------------------------------------------------------------------------- 1 | title: 'Information Disclosure of Installed Extensions' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-001' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:04' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:41:55' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-2.yaml: -------------------------------------------------------------------------------- 1 | title: 'Security Misconfiguration for Backend User Accounts' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-002' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:12' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:01' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-3.yaml: -------------------------------------------------------------------------------- 1 | title: 'Broken Access Control in Localization Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-003' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:19' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | reference: 'composer://typo3/cms' 8 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-4.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Fluid ViewHelpers' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-005' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:26' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:16' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms' 11 | 
-------------------------------------------------------------------------------- /typo3/cms/2019-01-22-6.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Form Framework' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-007' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:41' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:34' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Arbitrary Code Execution via File List Module' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-008' 3 | branches: 4 | 8.x: 5 | time: '2019-01-22 08:41:47' 6 | versions: ['>=8.0.0', '<8.7.23'] 7 | 9.x: 8 | time: '2019-01-22 08:42:42' 9 | versions: ['>=9.0.0', '<9.5.4'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-01-22-8.yaml: -------------------------------------------------------------------------------- 1 | title: 'Cross-Site Scripting in Language Pack Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-004' 3 | branches: 4 | 9.x: 5 | time: '2019-01-22 08:42:09' 6 | versions: ['>=9.0.0', '<9.5.4'] 7 | reference: 'composer://typo3/cms' 8 | -------------------------------------------------------------------------------- /typo3/cms/2019-05-07-2.yaml: -------------------------------------------------------------------------------- 1 | title: 'Security Misconfiguration in User Session Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-011' 3 | branches: 4 | 8.x: 5 | time: '2019-05-07 09:42:07' 6 | versions: ['>=8.0.0', '<8.7.25'] 7 | 9.x: 8 | time: '2019-05-07 09:43:18' 9 | versions: 
['>=9.0.0', '<9.5.6'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-05-07-4.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in Page Tree' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-009' 3 | branches: 4 | 9.x: 5 | time: '2019-05-07 09:42:43' 6 | versions: ['>=9.0.0', '<9.5.6'] 7 | reference: 'composer://typo3/cms' 8 | -------------------------------------------------------------------------------- /typo3/cms/2019-05-07-5.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in User Authentication' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-010' 3 | branches: 4 | 9.x: 5 | time: '2019-05-07 09:43:01' 6 | versions: ['>=9.0.0', '<9.5.6'] 7 | reference: 'composer://typo3/cms' 8 | -------------------------------------------------------------------------------- /typo3/cms/2019-06-25-1.yaml: -------------------------------------------------------------------------------- 1 | title: 'Information Disclosure in Backend User Interface' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-014' 3 | branches: 4 | 8.x: 5 | time: '2019-06-25 06:38:40' 6 | versions: ['>=8.0.0', '<8.7.27'] 7 | 9.x: 8 | time: '2019-06-25 06:39:42' 9 | versions: ['>=9.0.0', '<9.5.8'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-06-25-3.yaml: -------------------------------------------------------------------------------- 1 | title: 'Security Misconfiguration in Frontend Session Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-018' 3 | branches: 4 | 8.x: 5 | time: '2019-06-25 06:39:05' 6 | versions: ['>=8.0.0', '<8.7.27'] 7 | 9.x: 8 | time: '2019-06-25 06:40:30' 9 | versions: ['>=9.0.0', 
'<9.5.8'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/2019-06-25-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Broken Access Control in Import Module' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-017' 3 | branches: 4 | 9.x: 5 | time: '2019-06-25 06:40:18' 6 | versions: ['>=9.0.0', '<9.5.8'] 7 | reference: 'composer://typo3/cms' 8 | -------------------------------------------------------------------------------- /typo3/cms/2019-12-17-7.yaml: -------------------------------------------------------------------------------- 1 | title: 'Possible Insecure Deserialization in Extbase Request Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-psa-2019-011' 3 | branches: 4 | 8.x: 5 | time: '2019-12-17 09:50:20' 6 | versions: ['>=8.0.0', '<8.7.30'] 7 | 9.x: 8 | time: '2019-12-17 09:51:18' 9 | versions: ['>=9.0.0', '<9.5.12'] 10 | reference: 'composer://typo3/cms' 11 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2013-4701.yaml: -------------------------------------------------------------------------------- 1 | title: 'Denial of Service in OpenID System Extension' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2014-002' 3 | cve: CVE-2013-4701 4 | branches: 5 | 6.2.x: 6 | time: '2014-10-22 09:14:28' 7 | versions: ['>=6.2.0', '<6.2.6'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2014-3941.yaml: -------------------------------------------------------------------------------- 1 | title: Possible Host Spoofing through SERVER_NAME 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ 3 | cve: CVE-2014-3941 4 | branches: 5 | 6.2.x: 6 | time: 2014-05-22 09:34:08 7 | versions: ['>=6.2.0', '<6.2.3'] 8 | 
reference: composer://typo3/cms 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2014-3943.yaml: -------------------------------------------------------------------------------- 1 | title: Failing to properly encode user input, several backend components are susceptible to XSS 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ 3 | cve: CVE-2014-3943 4 | branches: 5 | 6.2.x: 6 | time: 2014-05-22 09:34:03 7 | versions: ['>=6.2.0', '<6.2.3'] 8 | reference: composer://typo3/cms 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2014-3944.yaml: -------------------------------------------------------------------------------- 1 | title: Improper Session Invalidation 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ 3 | cve: CVE-2014-3944 4 | branches: 5 | 6.2.x: 6 | time: 2014-05-22 09:33:36 7 | versions: ['>=6.2.0', '<6.2.3'] 8 | reference: composer://typo3/cms 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2014-3946.yaml: -------------------------------------------------------------------------------- 1 | title: Information disclosure in the Extbase framework 2 | link: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ 3 | cve: CVE-2014-3946 4 | branches: 5 | 6.2.x: 6 | time: 2014-05-22 09:33:36 7 | versions: ['>=6.2.0', '<6.2.3'] 8 | reference: composer://typo3/cms 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2019-10912.yaml: -------------------------------------------------------------------------------- 1 | title: 'Possible deserialization side-effects in symfony/cache' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2019-016' 3 | cve: CVE-2019-10912 4 | branches: 5 | 9.x: 6 | time: '2019-06-25 06:40:06' 7 | versions: 
['>=9.0.0', '<9.5.8'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2020-11063.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2020-001' 3 | cve: CVE-2020-11063 4 | branches: 5 | 10.x: 6 | time: '2020-05-12 09:21:43' 7 | versions: ['>=10.0.0', '<10.4.2'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2020-26229.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2020-012' 3 | cve: CVE-2020-26229 4 | branches: 5 | 10.x: 6 | time: '2020-11-17 08:51:21' 7 | versions: ['>=10.0.0', '<10.4.10'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2021-41113.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-014' 3 | cve: CVE-2021-41113 4 | branches: 5 | 11.x: 6 | time: '2021-10-05 11:02:10' 7 | versions: ['>=11.2.0', '<11.5.0'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2021-41114.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-015' 3 | cve: CVE-2021-41114 4 | branches: 5 | 11.x: 6 | time: 
'2021-10-05 11:02:47' 7 | versions: ['>=11.0.0', '<11.5.0'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/cms/CVE-2022-36104.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling' 2 | link: 'https://typo3.org/security/advisory/typo3-core-sa-2022-006' 3 | cve: CVE-2022-36104 4 | branches: 5 | 11.x: 6 | time: '2022-09-13 08:07:10' 7 | versions: ['>=11.0.0', '<11.5.16'] 8 | reference: 'composer://typo3/cms' 9 | -------------------------------------------------------------------------------- /typo3/flow/2012-03-28.yaml: -------------------------------------------------------------------------------- 1 | title: Insecure Unserialize Vulnerability in FLOW3 2 | link: https://www.neos.io/blog/flow-sa-2012-001.html 3 | cve: ~ 4 | branches: 5 | 1.0.x: 6 | time: 2012-03-28 09:32:37 7 | versions: ['>=1.0.0', '<1.0.4'] 8 | reference: composer://typo3/flow 9 | -------------------------------------------------------------------------------- /typo3/neos/2015-03-28.yaml: -------------------------------------------------------------------------------- 1 | title: Privilege Escalation in TYPO3 Neos 2 | link: https://www.neos.io/blog/neos-sa-2015-001.html 3 | cve: ~ 4 | branches: 5 | 1.1.x: 6 | time: 2015-03-28 18:26:25 7 | versions: ['>=1.1.0', '<1.1.3'] 8 | 1.2.x: 9 | time: 2015-03-28 18:24:29 10 | versions: ['>=1.2.0', '<1.2.3'] 11 | reference: composer://typo3/neos 12 | -------------------------------------------------------------------------------- /typo3/neos/2015-11-23.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerabilities in Neos 2 | link: https://www.neos.io/blog/neos-sa-2015-002.html 3 | cve: ~ 4 | branches: 5 | 1.2.x: 6 | time: 2015-11-23 21:03:00 7 | versions: ['>=1.2.0', '<1.2.13'] 8 | 2.0.x: 9 | time: 2015-11-23 21:03:00 
10 | versions: ['>=2.0.0', '<2.0.4'] 11 | reference: composer://typo3/neos 12 | -------------------------------------------------------------------------------- /ua-parser/uap-php/2018-12-14.yaml: -------------------------------------------------------------------------------- 1 | title: Denial of service 2 | link: https://github.com/ua-parser/uap-core/pull/363 3 | cve: ~ 4 | branches: 5 | master: 6 | time: '2018-12-14 12:44:10' 7 | versions: ['<3.8.0'] 8 | 9 | reference: composer://ua-parser/uap-php 10 | -------------------------------------------------------------------------------- /vrana/adminer/2019-01-20.yaml: -------------------------------------------------------------------------------- 1 | title: Adminer script versions up to 4.6.2 contain a file disclosure vulnerability 2 | link: https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability 3 | reference: composer://vrana/adminer 4 | cve: ~ 5 | branches: 6 | master: 7 | time: 2018-06-28 00:00:00 8 | versions: ['<4.6.3'] 9 | -------------------------------------------------------------------------------- /waldhacker/hcaptcha/CVE-2023-41100.yaml: -------------------------------------------------------------------------------- 1 | title: 'TYPO3-EXT-SA-2023-007: Broken Access Control in extension "hCaptcha for EXT:form" (hcaptcha)' 2 | link: 'https://typo3.org/security/advisory/typo3-ext-sa-2023-007' 3 | cve: CVE-2023-41100 4 | branches: 5 | main: 6 | time: '2023-08-16 10:05:00' 7 | versions: ['<2.1.2'] 8 | reference: 'composer://waldhacker/hcaptcha' 9 | -------------------------------------------------------------------------------- /wallabag/tcpdf/CVE-2018-17057.yaml: -------------------------------------------------------------------------------- 1 | title: Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
2 | link: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed 3 | cve: CVE-2018-17057 4 | branches: 5 | master: 6 | time: null 7 | versions: ['<6.2.22'] 8 | reference: composer://wallabag/tcpdf 9 | -------------------------------------------------------------------------------- /wikimedia/parsoid/CVE-2021-30458.yaml: -------------------------------------------------------------------------------- 1 | title: Parsoid comment fostering allows for inserting mostly arbitrary tags 2 | link: https://phabricator.wikimedia.org/T279451 3 | cve: CVE-2021-30458 4 | branches: 5 | 0.12.x: 6 | time: 2021-04-08 05:36:00 7 | versions: ['<0.12.2'] 8 | 9 | reference: composer://wikimedia/parsoid 10 | 11 | -------------------------------------------------------------------------------- /willdurand/js-translation-bundle/2014-07-29-1.yaml: -------------------------------------------------------------------------------- 1 | title: Fixed potential path traversal attack and remote code injection 2 | link: https://github.com/willdurand/BazingaJsTranslationBundle/releases/tag/v2.1.1 3 | cve: ~ 4 | branches: 5 | 2.1.x: 6 | time: 2014-07-29 11:19:06 7 | versions: [ <2.1.1 ] 8 | reference: composer://willdurand/js-translation-bundle 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-bootstrap/CVE-2015-3397.yaml: -------------------------------------------------------------------------------- 1 | title: JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks 2 | link: https://www.yiiframework.com/news/86/yii-2-0-4-is-released/ 3 | cve: CVE-2015-3397 4 | branches: 5 | 2.0.x: 6 | time: 2015-05-10 03:43:16 7 | versions: [<2.0.4] 8 | reference: composer://yiisoft/yii2-bootstrap 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-dev/CVE-2015-3397.yaml: -------------------------------------------------------------------------------- 1 | title: 
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks 2 | link: https://www.yiiframework.com/news/86/yii-2-0-4-is-released/ 3 | cve: CVE-2015-3397 4 | branches: 5 | 2.0.x: 6 | time: 2015-05-10 03:38:17 7 | versions: [<2.0.4] 8 | reference: composer://yiisoft/yii2-dev 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-dev/CVE-2015-5467.yaml: -------------------------------------------------------------------------------- 1 | title: class yii\web\ViewAction allowed to include arbitrary files that end with .php 2 | link: https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/ 3 | cve: CVE-2015-5467 4 | branches: 5 | 2.0.x: 6 | time: 2015-07-10 18:12:53 7 | versions: [<2.0.5] 8 | reference: composer://yiisoft/yii2-dev 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-dev/CVE-2018-6009.yaml: -------------------------------------------------------------------------------- 1 | title: The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity 2 | link: https://www.yiiframework.com/news/165/yii-2-0-14-is-released/ 3 | cve: CVE-2018-6009 4 | branches: 5 | 2.0.x: 6 | time: 2018-01-13 23:13:00 7 | versions: [<2.0.14] 8 | reference: composer://yiisoft/yii2-dev 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-gii/CVE-2015-3397.yaml: -------------------------------------------------------------------------------- 1 | title: JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks 2 | link: https://www.yiiframework.com/news/86/yii-2-0-4-is-released/ 3 | cve: CVE-2015-3397 4 | branches: 5 | 2.0.x: 6 | time: 2015-05-10 03:41:39 7 | versions: [<2.0.4] 8 | reference: composer://yiisoft/yii2-gii 9 | -------------------------------------------------------------------------------- /yiisoft/yii2-jui/CVE-2015-3397.yaml: 
-------------------------------------------------------------------------------- 1 | title: JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks 2 | link: https://www.yiiframework.com/news/86/yii-2-0-4-is-released/ 3 | cve: CVE-2015-3397 4 | branches: 5 | 2.0.x: 6 | time: 2015-05-10 03:58:01 7 | versions: [<2.0.4] 8 | reference: composer://yiisoft/yii2-jui 9 | -------------------------------------------------------------------------------- /yiisoft/yii2/CVE-2015-3397.yaml: -------------------------------------------------------------------------------- 1 | title: JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks 2 | link: https://www.yiiframework.com/news/86/yii-2-0-4-is-released/ 3 | cve: CVE-2015-3397 4 | branches: 5 | 2.0.x: 6 | time: 2015-05-10 03:38:17 7 | versions: [<2.0.4] 8 | reference: composer://yiisoft/yii2 9 | -------------------------------------------------------------------------------- /yiisoft/yii2/CVE-2015-5467.yaml: -------------------------------------------------------------------------------- 1 | title: class yii\web\ViewAction allowed to include arbitrary files that end with .php 2 | link: https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/ 3 | cve: CVE-2015-5467 4 | branches: 5 | 2.0.x: 6 | time: 2015-07-10 18:12:53 7 | versions: [<2.0.5] 8 | reference: composer://yiisoft/yii2 9 | -------------------------------------------------------------------------------- /yiisoft/yii2/CVE-2018-6009.yaml: -------------------------------------------------------------------------------- 1 | title: The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity 2 | link: https://www.yiiframework.com/news/165/yii-2-0-14-is-released/ 3 | cve: CVE-2018-6009 4 | branches: 5 | 2.0.x: 6 | time: 2018-01-13 23:13:00 7 | versions: [<2.0.14] 8 | reference: composer://yiisoft/yii2 9 | 
-------------------------------------------------------------------------------- /yiisoft/yii2/CVE-2020-15148.yaml: -------------------------------------------------------------------------------- 1 | title: Possible remote code execution via unserialize() on user input containing specially crafted string 2 | link: https://www.yiiframework.com/news/303/yii-2-0-38 3 | cve: CVE-2020-15148 4 | branches: 5 | 2.0.x: 6 | time: 2020-09-14 21:15:51 7 | versions: ['<2.0.38'] 8 | reference: composer://yiisoft/yii2 9 | -------------------------------------------------------------------------------- /yiisoft/yii2/CVE-2024-4990.yaml: -------------------------------------------------------------------------------- 1 | title: Unsafe Reflection in base Component class 2 | link: https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm 3 | cve: CVE-2024-4990 4 | branches: 5 | 2.0.49.x: 6 | time: 2024-06-04 16:23:00 7 | versions: ['<2.0.49.4'] 8 | reference: composer://yiisoft/yii2 9 | -------------------------------------------------------------------------------- /zendframework/zend-developer-tools/ZF2019-01.yaml: -------------------------------------------------------------------------------- 1 | title: Information disclosure 2 | link: https://framework.zend.com/security/advisory/ZF2019-01 3 | branches: 4 | master: 5 | time: 2019-03-28 13:34:10 6 | versions: ['>=1.2.2', '<1.2.3'] 7 | reference: composer://zendframework/zend-developer-tools 8 | -------------------------------------------------------------------------------- /zendframework/zend-diactoros/CVE-2015-3257.yaml: -------------------------------------------------------------------------------- 1 | title: Potential XSS and Open Redirect vectors in zend-diactoros 2 | link: https://framework.zend.com/security/advisory/ZF2015-05 3 | cve: CVE-2015-3257 4 | branches: 5 | 1.0.x: 6 | time: 2015-06-23 15:55:00 7 | versions: ['>=1.0.0', '<1.0.4'] 8 | reference: composer://zendframework/zend-diactoros 9 | 
-------------------------------------------------------------------------------- /zendframework/zend-diactoros/ZF2018-01.yaml: -------------------------------------------------------------------------------- 1 | title: URL Rewrite vulnerability 2 | link: https://framework.zend.com/security/advisory/ZF2018-01 3 | branches: 4 | master: 5 | time: 2018-06-11 15:28:00 6 | versions: ['>=1.0.0', '<1.8.4'] 7 | reference: composer://zendframework/zend-diactoros 8 | -------------------------------------------------------------------------------- /zendframework/zend-feed/ZF2018-01.yaml: -------------------------------------------------------------------------------- 1 | title: URL Rewrite vulnerability 2 | link: https://framework.zend.com/security/advisory/ZF2018-01 3 | branches: 4 | master: 5 | time: 2018-06-11 15:28:00 6 | versions: ['>=1.0.0', '<2.10.3'] 7 | reference: composer://zendframework/zend-feed 8 | -------------------------------------------------------------------------------- /zendframework/zend-http/ZF2018-01.yaml: -------------------------------------------------------------------------------- 1 | title: URL Rewrite vulnerability 2 | link: https://framework.zend.com/security/advisory/ZF2018-01 3 | branches: 4 | master: 5 | time: 2018-06-11 15:28:00 6 | versions: ['>=1.0.0', '<2.8.1'] 7 | reference: composer://zendframework/zend-http 8 | -------------------------------------------------------------------------------- /zendframework/zend-validator/CVE-2015-1786.yaml: -------------------------------------------------------------------------------- 1 | title: Invalid CSRF validation of null or incorrectly formatted token identifiers 2 | link: https://framework.zend.com/security/advisory/ZF2015-03 3 | cve: CVE-2015-1786 4 | branches: 5 | 2.3.x: 6 | time: 2015-03-12 13:58:47 7 | versions: ['>=2.3.0', '<2.3.6'] 8 | reference: composer://zendframework/zend-validator 9 | -------------------------------------------------------------------------------- 
/zendframework/zendframework/CVE-2015-1786.yaml: -------------------------------------------------------------------------------- 1 | title: Invalid CSRF validation of null or incorrectly formatted token identifiers 2 | link: https://framework.zend.com/security/advisory/ZF2015-03 3 | cve: CVE-2015-1786 4 | branches: 5 | 2.3.x: 6 | time: 2015-03-12 13:58:47 7 | versions: ['>=2.3.0', '<2.3.6'] 8 | reference: composer://zendframework/zendframework 9 | -------------------------------------------------------------------------------- /zendframework/zendframework/CVE-2015-5723.yaml: -------------------------------------------------------------------------------- 1 | title: Filesystem Permissions Issues in Multiple Components 2 | link: https://framework.zend.com/security/advisory/ZF2015-07 3 | cve: CVE-2015-5723 4 | branches: 5 | 2.4.x: 6 | time: 2015-09-15 17:15:06 7 | versions: ['>=2.4.0', '<2.4.8'] 8 | reference: composer://zendframework/zendframework 9 | -------------------------------------------------------------------------------- /zendframework/zendframework/CVE-2015-7503.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey 2 | link: https://framework.zend.com/security/advisory/ZF2015-10 3 | cve: CVE-2015-7503 4 | branches: 5 | 2.4.x: 6 | time: 2015-11-23 14:30:00 7 | versions: ['>=2.0.0', '<2.4.9'] 8 | reference: composer://zendframework/zendframework 9 | -------------------------------------------------------------------------------- /zendframework/zendframework/ZF2012-03.yaml: -------------------------------------------------------------------------------- 1 | title: Potential XSS Vectors in Multiple Zend Framework 2 Components 2 | link: https://framework.zend.com/security/advisory/ZF2012-03 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-09-20 15:22:57 7 | versions: ['>=2.0.0', '<2.0.1'] 8 | reference: composer://zendframework/zendframework 9 | 
-------------------------------------------------------------------------------- /zendframework/zendframework/ZF2012-04.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components 2 | link: https://framework.zend.com/security/advisory/ZF2012-04 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2012-09-29 16:19:54 7 | versions: ['>=2.0.0', '<2.0.5'] 8 | reference: composer://zendframework/zendframework 9 | -------------------------------------------------------------------------------- /zendframework/zendframework/ZF2013-04.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Remote Address Spoofing Vector in Zend\Http\PhpEnvironment\RemoteAddress 2 | link: https://framework.zend.com/security/advisory/ZF2013-04 3 | cve: ~ 4 | branches: 5 | 2.2.x: 6 | time: 2013-10-31 10:35:17 7 | versions: ['>=2.2.0', '<2.2.5'] 8 | reference: composer://zendframework/zendframework -------------------------------------------------------------------------------- /zendframework/zendframework/ZF2015-09.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word 2 | link: https://framework.zend.com/security/advisory/ZF2015-09 3 | branches: 4 | 2.4.x: 5 | time: 2015-11-23 14:30:00 6 | versions: ['>=2.0.0', '<2.4.9'] 7 | reference: composer://zendframework/zendframework 8 | -------------------------------------------------------------------------------- /zendframework/zendframework/ZF2018-01.yaml: -------------------------------------------------------------------------------- 1 | title: URL Rewrite vulnerability 2 | link: https://framework.zend.com/security/advisory/ZF2018-01 3 | branches: 4 | master: 5 | time: 2018-06-11 15:28:00 6 | versions: ['<2.5.0'] 7 | reference: 
composer://zendframework/zendframework 8 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2014-8088.yaml: -------------------------------------------------------------------------------- 1 | title: Anonymous authentication in ldap_bind() function of PHP, using null byte 2 | link: https://framework.zend.com/security/advisory/ZF2014-05 3 | cve: CVE-2014-8088 4 | branches: 5 | 1.12.x: 6 | time: 2014-09-16 22:00:00 7 | versions: ['>=1.12.0', '<1.12.9'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2014-8089.yaml: -------------------------------------------------------------------------------- 1 | title: SQL injection vector when manually quoting values for sqlsrv extension, using null byte 2 | link: https://framework.zend.com/security/advisory/ZF2014-06 3 | cve: CVE-2014-8089 4 | branches: 5 | 1.12.x: 6 | time: 2014-09-16 22:00:00 7 | versions: ['>=1.12.0', '<1.12.9'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2015-3154.yaml: -------------------------------------------------------------------------------- 1 | title: Potential CRLF injection attacks in mail and HTTP headers 2 | link: https://framework.zend.com/security/advisory/ZF2015-04 3 | cve: CVE-2015-3154 4 | branches: 5 | 1.12.x: 6 | time: 2015-05-19 17:40:42 7 | versions: ['>=1.12.0', '<1.12.12'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2015-5161.yaml: -------------------------------------------------------------------------------- 1 | title: XXE/XEE vector when using ZendXml on multibyte payloads 2 | link: https://framework.zend.com/security/advisory/ZF2015-06 
3 | cve: CVE-2015-5161 4 | branches: 5 | 1.12.x: 6 | time: 2015-08-03 15:13:58 7 | versions: ['>=1.12.0', '<1.12.14'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2015-5723.yaml: -------------------------------------------------------------------------------- 1 | title: Filesystem Permissions Issues in Multiple Components 2 | link: https://framework.zend.com/security/advisory/ZF2015-07 3 | cve: CVE-2015-5723 4 | branches: 5 | 1.12.x: 6 | time: 2015-09-15 15:50:03 7 | versions: ['>=1.12.0', '<1.12.16'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/CVE-2016-6233.yaml: -------------------------------------------------------------------------------- 1 | title: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select 2 | link: https://framework.zend.com/security/advisory/ZF2016-02 3 | cve: CVE-2016-6233 4 | branches: 5 | 1.12.x: 6 | time: 2016-07-06 17:01:58 7 | versions: ['<1.12.19'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2009-01.yaml: -------------------------------------------------------------------------------- 1 | title: LFI vector in Zend_View::setScriptPath() and render() 2 | link: https://framework.zend.com/security/advisory/ZF2009-01 3 | cve: ~ 4 | branches: 5 | 1.7.x: 6 | time: 2009-02-13 14:43:21 7 | versions: ['>=1.7.0','<1.7.5'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2009-02.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vector in Zend_Filter_StripTags 2 | link: 
https://framework.zend.com/security/advisory/ZF2009-02 3 | cve: ~ 4 | branches: 5 | 1.7.x: 6 | time: 2009-02-27 09:00:13 7 | versions: ['>=1.7.0','<1.7.6'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2010-01.yaml: -------------------------------------------------------------------------------- 1 | title: Potential XSS vectors due to inconsistent encodings 2 | link: https://framework.zend.com/security/advisory/ZF2010-01 3 | cve: ~ 4 | branches: 5 | 1.9.x: 6 | time: 2010-01-08 17:31:22 7 | versions: ['>=1.9.0','<1.9.7'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2011-01.yaml: -------------------------------------------------------------------------------- 1 | title: Potential XSS in Development Environment Error View Script 2 | link: https://framework.zend.com/security/advisory/ZF2011-01 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2012-06-13 17:24:38 7 | versions: ['>=1.0.0', '<1.11.4'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2012-01.yaml: -------------------------------------------------------------------------------- 1 | title: Local file disclosure via XXE injection in Zend_XmlRpc 2 | link: https://framework.zend.com/security/advisory/ZF2012-01 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2012-08-20 17:50:28 7 | versions: ['>=1.0.0', '<1.11.13'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2012-02.yaml: -------------------------------------------------------------------------------- 1 | title: Denial of Service vector via XEE injection 2 | link: 
https://framework.zend.com/security/advisory/ZF2012-02 3 | cve: ~ 4 | branches: 5 | 1.x: 6 | time: 2012-09-20 15:22:57 7 | versions: ['>=1.0.0', '<1.11.13'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2014-01.yaml: -------------------------------------------------------------------------------- 1 | title: "Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse" 2 | link: https://framework.zend.com/security/advisory/ZF2014-01 3 | cve: ~ 4 | branches: 5 | 1.12.x: 6 | time: 2014-02-26 16:02:02 7 | versions: ['>=1.12.0', '<1.12.4'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2014-02.yaml: -------------------------------------------------------------------------------- 1 | title: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer 2 | link: https://framework.zend.com/security/advisory/ZF2014-02 3 | cve: ~ 4 | branches: 5 | 1.12.x: 6 | time: 2014-02-17 15:37:54 7 | versions: ['>=1.12.0', '<1.12.4'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2014-04.yaml: -------------------------------------------------------------------------------- 1 | title: Potential SQL injection in the ORDER implementation of Zend_Db_Select 2 | link: https://framework.zend.com/security/advisory/ZF2014-04 3 | cve: ~ 4 | branches: 5 | 1.12.x: 6 | time: 2014-06-11 13:46:00 7 | versions: ['>=1.12.0', '<1.12.7'] 8 | reference: composer://zendframework/zendframework1 9 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2015-08.yaml: 
-------------------------------------------------------------------------------- 1 | title: Potential SQL injection vector using null byte for PDO (MsSql, SQLite) 2 | link: https://framework.zend.com/security/advisory/ZF2015-08 3 | branches: 4 | 1.12.x: 5 | time: 2015-09-15 15:50:03 6 | versions: ['>=1.12.0', '<1.12.16'] 7 | reference: composer://zendframework/zendframework1 8 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2015-09.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word 2 | link: https://framework.zend.com/security/advisory/ZF2015-09 3 | branches: 4 | 1.12.x: 5 | time: 2015-11-23 14:30:00 6 | versions: ['>=1.12.0', '<1.12.17'] 7 | reference: composer://zendframework/zendframework1 8 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2016-01.yaml: -------------------------------------------------------------------------------- 1 | title: Potential Insufficient Entropy Vulnerability in ZF1 2 | link: https://framework.zend.com/security/advisory/ZF2016-01 3 | branches: 4 | 1.12.x: 5 | time: 2016-04-13 17:30:00 6 | versions: ['>=1.12.0', '<1.12.18'] 7 | reference: composer://zendframework/zendframework1 8 | -------------------------------------------------------------------------------- /zendframework/zendframework1/ZF2016-03.yaml: -------------------------------------------------------------------------------- 1 | title: Potential SQL injection in ORDER and GROUP functions of ZF1 2 | link: https://framework.zend.com/security/advisory/ZF2016-03 3 | branches: 4 | 1.12.x: 5 | time: 2016-09-02 12:48:00 6 | versions: ['<1.12.20'] 7 | reference: composer://zendframework/zendframework1 8 | -------------------------------------------------------------------------------- 
/zendframework/zendopenid/ZF2014-02.yaml: -------------------------------------------------------------------------------- 1 | title: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer 2 | link: https://framework.zend.com/security/advisory/ZF2014-02 3 | cve: ~ 4 | branches: 5 | 2.0.x: 6 | time: 2014-02-17 15:37:54 7 | versions: ['>=2.0.0', '<2.0.2'] 8 | reference: composer://zendframework/zendopenid 9 | -------------------------------------------------------------------------------- /zendframework/zendxml/CVE-2015-5161.yaml: -------------------------------------------------------------------------------- 1 | title: XXE/XEE vector when using ZendXml on multibyte payloads 2 | link: https://framework.zend.com/security/advisory/ZF2015-06 3 | cve: CVE-2015-5161 4 | branches: 5 | 1.0.x: 6 | time: 2015-08-03 15:13:58 7 | versions: ['>=1.0.0', '<1.0.1'] 8 | reference: composer://zendframework/zendxml 9 | -------------------------------------------------------------------------------- /zetacomponents/mail/CVE-2017-15806.yaml: -------------------------------------------------------------------------------- 1 | title: Arbitrary code execution via a crafted email address 2 | link: https://github.com/zetacomponents/Mail/issues/58 3 | reference: composer://zetacomponents/mail 4 | cve: CVE-2017-15806 5 | branches: 6 | master: 7 | time: 2017-11-1 19:02:00 8 | versions: ['<1.8.2'] 9 | -------------------------------------------------------------------------------- /zf-commons/zfc-user/CVE-2015-1039.yaml: -------------------------------------------------------------------------------- 1 | title: XSS vulnerability in login redirect param 2 | link: https://github.com/ZF-Commons/ZfcUser/issues/550 3 | cve: CVE-2015-1039 4 | branches: 5 | 1.x: 6 | time: 2015-01-08 14:18:45 7 | versions: [<1.2.2] 8 | reference: composer://zf-commons/zfc-user 9 | -------------------------------------------------------------------------------- 
/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml: -------------------------------------------------------------------------------- 1 | title: Filesystem Permissions Issues in Multiple Components 2 | link: https://framework.zend.com/security/advisory/ZF2015-07 3 | cve: CVE-2015-5723 4 | branches: 5 | 1.0.x: 6 | time: 2015-09-15 18:52:15 7 | versions: ['>=1.0.0', '<1.0.3'] 8 | reference: composer://zfcampus/zf-apigility-doctrine 9 | -------------------------------------------------------------------------------- /zfr/zfr-oauth2-server-module/2014-04-26.yaml: -------------------------------------------------------------------------------- 1 | title: Authentication adapter did not verify validity of tokens 2 | link: https://github.com/zf-fr/zfr-oauth2-server-module/issues/6 3 | cve: ~ 4 | branches: 5 | 0.1.x: 6 | time: 2014-04-26 20:04:29 7 | versions: [<0.1.2] 8 | reference: composer://zfr/zfr-oauth2-server-module 9 | --------------------------------------------------------------------------------