packagist

Top products

The 15 most recently published vulnerabilities affecting packagist.

• CVE-2024-51092LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's ...9.1May 8, 2026
• CVE-2026-32813Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)8.0Mar 20, 2026
• CVE-2026-32812Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint6.8Mar 20, 2026
• CVE-2026-32757Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection5.4Mar 19, 2026
• CVE-2026-32756Admidio: Unrestricted File Upload via CSRF Token Validation Bypass in Documents & Files Module8.8Mar 19, 2026
• CVE-2026-32755Admidio is Missing CSRF Protection on Role Membership Date Changes5.7Mar 19, 2026
• CVE-2026-32267Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()9.8Mar 16, 2026
• CVE-2026-32264Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController7.2Mar 16, 2026
• CVE-2026-32263Craft CMS vulnerable to behavior injection RCE via EntryTypesController7.2Mar 16, 2026
• CVE-2026-32262Craft CMS has a Path Traversal Vulnerability in AssetsController4.3Mar 16, 2026
• CVE-2026-32600xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption8.2Mar 13, 2026
• CVE-2026-32313xmlseclibs is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption8.2Mar 13, 2026
• CVE-2026-32612Statamic: privilege escalation via stored cross-site scripting5.4Mar 12, 2026
• CVE-2026-27591Winter: Privilege escalation by authenticated backend users9.9Mar 11, 2026
• CVE-2026-31889Shopware has a potential take over of app credentials8.9Mar 11, 2026