Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Vulnerability Affects Type Published
  • M
Cross-site Scripting (XSS)
privatebin/privatebin >1.2, <1.2.2,>=1.3, <1.3.2 Composer 15 Jan, 2020
  • H
Remote Code Execution
topthink/thinkphp <3.2.4 Composer 09 Jan, 2020
  • M
Information Disclosure
endroid/qr-code-bundle <3.4.2 Composer 01 Jan, 2020
  • M
Cross-site Scripting (XSS)
genix/cms <1.1.6 Composer 31 Dec, 2019
  • H
Authentication Bypass
scheb/two-factor-bundle <3.26.0,>=4.0.0, <4.11.0 Composer 22 Dec, 2019
  • M
Denial of Service (DoS)
drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Access Restriction Bypass
drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Denial of Service (DoS)
drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Access Restriction Bypass
drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Arbitrary File Upload
drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Arbitrary File Upload
drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • H
Command Injection
mikehaertl/php-shellcommand <1.6.1 Composer 20 Dec, 2019
  • H
Remote Code Execution (RCE)
verot/class.upload.php >=2.0.0, <2.0.8,>=1.0.0, <1.0.7 Composer 18 Dec, 2019
  • H
Arbitrary File Upload
verot/class.upload.php >=1.0.0, <1.0.4,>=2.0.0, <2.0.5 Composer 18 Dec, 2019
  • M
SQL injection
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
SQL injection
typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Arbitrary File Upload
contao/core-bundle >=4.5.0, <4.6.0,>=4.8.0, <4.8.6,>=4.7.0, <4.8.0,>=4.0.0, <4.4.46,>=4.6.0, <4.7.0 Composer 18 Dec, 2019
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
Cross-site Scripting (XSS)
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data
typo3/cms >=8.0.0, <8.7.30,>=9.0.0, <9.5.12 Composer 18 Dec, 2019
  • M
Arbitrary File Write via Archive Extraction (Zip Slip)
typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
Cross-site Scripting (XSS)
typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data
typo3/cms-core >=8.0.0, <8.7.30,>=9.0.0, <9.5.12 Composer 18 Dec, 2019
  • L
Content Injection
contao/core-bundle >=4.8.4, <4.8.6 Composer 18 Dec, 2019
  • L
Information Disclosure
contao/core-bundle >=4.0.0, <4.4.46,>=4.5.0, <4.6.0,>=4.8.0, <4.8.6,>=4.7.0, <4.8.0,>=4.6.0, <4.7.0 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS)
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS)
typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • H
Deserialization of Untrusted Data
typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS)
typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019