Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Show:
Report a new vulnerability
Vulnerability Affects Type Published
  • M
Cross-site Scripting (XSS) 		privatebin/privatebin >1.2, <1.2.2,>=1.3, <1.3.2 Composer 15 Jan, 2020
  • H
Remote Code Execution 		topthink/thinkphp <3.2.4 Composer 09 Jan, 2020
  • M
Information Disclosure 		endroid/qr-code-bundle <3.4.2 Composer 01 Jan, 2020
  • M
Cross-site Scripting (XSS) 		genix/cms <1.1.6 Composer 31 Dec, 2019
  • H
Authentication Bypass 		scheb/two-factor-bundle <3.26.0,>=4.0.0, <4.11.0 Composer 22 Dec, 2019
  • M
Denial of Service (DoS) 		drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Access Restriction Bypass 		drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Denial of Service (DoS) 		drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Access Restriction Bypass 		drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Arbitrary File Upload 		drupal/core <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • M
Arbitrary File Upload 		drupal/drupal <8.7.11,>=8.8.0, <8.8.1 Composer 22 Dec, 2019
  • H
Command Injection 		mikehaertl/php-shellcommand <1.6.1 Composer 20 Dec, 2019
  • H
Arbitrary File Upload 		verot/class.upload.php >=2.0.0, <2.0.8,>=1.0.0, <1.0.7 Composer 18 Dec, 2019
  • H
Arbitrary File Upload 		verot/class.upload.php >=1.0.0, <1.0.4,>=2.0.0. <2.0.5 Composer 18 Dec, 2019
  • M
SQL injection 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
SQL injection 		typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Arbitrary File Upload 		contao/core-bundle >=4.5.0, <4.6.0,>=4.8.0, <4.8.6,>=4.7.0, <4.8.0,>=4.0.0, <4.4.46,>=4.6.0, <4.7.0 Composer 18 Dec, 2019
  • M
Arbitrary File Write via Archive Extraction (Zip Slip) 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
Cross-site Scripting (XSS) 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data 		typo3/cms >=8.0.0, <8.7.30,>=9.0.0, <9.5.12 Composer 18 Dec, 2019
  • M
Arbitrary File Write via Archive Extraction (Zip Slip) 		typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • M
Cross-site Scripting (XSS) 		typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data 		typo3/cms-core >=8.0.0, <8.7.30,>=9.0.0, <9.5.12 Composer 18 Dec, 2019
  • L
Content Injection 		contao/core-bundle >=4.8.4, <4.8.6 Composer 18 Dec, 2019
  • L
Information Disclosure 		contao/core-bundle >=4.0.0, <4.4.46,>=4.5.0, <4.6.0,>=4.8.0, <4.8.6,>=4.7.0, <4.8.0,>=4.6.0, <4.7.0 Composer 18 Dec, 2019
  • H
Deserialization of Untrusted Data 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS) 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS) 		typo3/cms >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • H
Deserialization of Untrusted Data 		typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019
  • M
Cross-site Scripting (XSS) 		typo3/cms-core >=10.0.0, <10.2.1,>=9.0.0, <9.5.12,>=8.0.0, <8.7.30 Composer 17 Dec, 2019