Vulnerabilities for core

ractf / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-15235	Medium		October 5, 2020 10/5/20	<= 41edf92

mobileiron / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2020-15505	Critical	July 7, 2020 7/7/20	>= 10.6.0.0 < 10.6.0.1 >= 10.5.2.0 < 10.5.2.1 >= 10.4.0.0 < 10.4.0.4 < 10.3.0.4 >= 10.5.1.0 < 10.5.1.1
CVE-2020-15506	Critical	July 7, 2020 7/7/20	<= 10.6
CVE-2020-15507	High	July 7, 2020 7/7/20	<= 10.6

formtools / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2021-38143	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38144	Medium	August 31, 2021 8/31/21	<= 3.0.20
CVE-2021-38145	Critical	August 31, 2021 8/31/21	<= 3.0.20

onlyoffice / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-29776	Critical		June 2, 2022 6/2/22	<= 6.1.0.26
CVE-2022-29777	Critical		June 2, 2022 6/2/22	<= 6.1.0.26

@nestjs / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-26108	Low		March 6, 2023 3/6/23	< 9.0.5

drupal / core

38 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-3057	Medium	April 1, 2025 4/1/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31674	Medium	April 1, 2025 4/1/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
CVE-2025-31675	Low	April 1, 2025 4/1/25	>= 8.0.0 < 10.3.14 >= 10.4.0 < 10.4.5 >= 11.0.0 < 11.0.13 >= 11.1.0 < 11.1.5
CVE-2025-31673	Medium	April 1, 2025 4/1/25	>= 8.0.0 < 10.3.13 >= 10.4.0 < 10.4.3 >= 11.0.0 < 11.0.12 >= 11.1.0 < 11.1.3
Drupal core Cross-Site Scripting (XSS) vulnerabilities	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.9.18 >= 9.1.0 < 9.1.12 >= 9.2.0 < 9.2.4
Drupal core Arbitrary PHP code execution	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.75 >= 8.0.0 < 8.8.12 >= 8.9.0 < 8.9.10 >= 9.0.0 < 9.0.9
Drupal core Open Redirect vulnerability	Medium	May 15, 2024 5/15/24	>= 7.0.0 < 7.70
Drupal core uses a vulnerable Third-party library CKEditor	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.12 >= 8.8.0 < 8.8.4
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar	High	May 15, 2024 5/15/24	>= 7.0.0 < 7.69 >= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core unrestricted file upload	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal core Denial of Service	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.7.11 >= 8.8.0 < 8.8.1
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Remote Code Execution	Critical	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Anonymous Open Redirect	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal External URL injection through URL aliases leading to Open Redirect	Medium	May 15, 2024 5/15/24	>= 7.0 < 7.60 >= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal Content moderation Access bypass	Medium	May 15, 2024 5/15/24	>= 8.0.0 < 8.5.8 >= 8.6.0 < 8.6.2
Drupal core Denial of Service vulnerability	Medium	February 12, 2024 2/12/24	>= 8.0.0 < 10.1.8 >= 10.2.0 < 10.2.2
CVE-2024-22362	High	January 16, 2024 1/16/24	== 9.3.6
CVE-2023-5256	High	September 28, 2023 9/28/23	>= 8.7.0 < 9.5.11 >= 10.0.0 < 10.0.11 >= 10.1.0 < 10.1.4
CVE-2023-31250	Medium	April 26, 2023 4/26/23	>= 10.0.0 < 10.0.8 >= 9.5.0 < 9.5.8 >= 9.0.0 < 9.4.14 >= 7.0.0 < 7.96
CVE-2022-25277	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25278	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25276	Medium	April 26, 2023 4/26/23	>= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25275	High	April 26, 2023 4/26/23	>= 7.0.0 < 7.91 >= 8.0.0 < 9.3.19 >= 9.4.0 < 9.4.3
CVE-2022-25274	Medium	April 26, 2023 4/26/23	>= 9.3.0 < 9.3.12
CVE-2022-25273	High	April 26, 2023 4/26/23	>= 8.0.0 < 9.2.18 >= 9.3.0 < 9.3.12
CVE-2022-25270	Medium	February 17, 2022 2/17/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13
CVE-2022-25271	High	February 16, 2022 2/16/22	>= 9.3.0 < 9.3.6 >= 8.0.0 < 9.2.13 >= 7.0.0 < 7.88
CVE-2020-13674	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13668	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13670	High	February 11, 2022 2/11/22	>= 8.0.0 < 8.8.10 >= 8.9.0 < 8.9.6 >= 9.0.0 < 9.0.6
CVE-2020-13676	Medium	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13675	Critical	February 11, 2022 2/11/22	>= 8.0.0 < 8.9.19 >= 9.1.0 < 9.1.13 >= 9.2.0 < 9.2.6
CVE-2020-13671	High	November 20, 2020 11/20/20	>= 9.0.0 < 9.0.8 >= 8.9.0 < 8.9.9 >= 8.0.0 < 8.8.11 >= 7.0 < 7.74
CVE-2019-6342	Critical	May 28, 2020 5/28/20	== 8.7.4 >= 8.7.4 < 8.7.5
CVE-2017-6923	Low	January 22, 2019 1/22/19	>= 8.0 < 8.3.7
CVE-2018-7602	Critical	July 19, 2018 7/19/18	>= 7.0 < 7.59 >= 8.0 < 8.4.8 >= 8.5 < 8.5.3

shopware / core

51 vulnerabilities found

Title	Severity	Date	Affected Version
Shopware 6's password recovery link does not expire after email change	Medium	November 14, 2025 11/14/25	< 6.6.10.9 >= 6.7.0.0 < 6.7.4.1
Shopware Customer Orders can be canceled, even if refunds are disabled	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware exposes sensitive user information via CSV export mapping	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to path traversal via Plugin upload	Low	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually	Medium	October 21, 2025 10/21/25	>= 6.7.0.0 < 6.7.3.1 < 6.6.10.7
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components	High	September 10, 2025 9/10/25	>= 6.7.0.0 < 6.7.2.1
CVE-2025-32378	Low	April 9, 2025 4/9/25	>= 6.6.0.0-rc1 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
Shopware Broken ACL on Document retrieval to access other customers documents	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-27892	High	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2025-30151	High	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 < 6.5.8.17
CVE-2025-30150	Medium	April 8, 2025 4/8/25	>= 6.6.0.0 < 6.6.10.3 >= 6.7.0.0-rc1 < 6.7.0.0-rc2 == 6.7.0.0-rc1 < 6.5.8.18
CVE-2024-42355	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42356	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42357	High	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-42354	Medium	August 8, 2024 8/8/24	< 6.5.8.13 >= 6.6.0.0 < 6.6.5.1
CVE-2024-31447	Medium	April 8, 2024 4/8/24	>= 6.3.5.0 < 6.5.8.8 >= 6.6.0.0-rc1 < 6.6.1.0
CVE-2024-22407	Low	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2024-22406	Critical	January 16, 2024 1/16/24	< 6.5.7.4
CVE-2023-2017	High	April 17, 2023 4/17/23	< 6.4.20.1
CVE-2023-22734	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22732	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22733	Low	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22730	Medium	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2023-22731	Critical	January 17, 2023 1/17/23	< 6.4.18.1
CVE-2022-24872	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24871	High	April 20, 2022 4/20/22	< 6.4.10.1
CVE-2022-24747	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24748	Medium	March 9, 2022 3/9/22	< 6.4.8.2
CVE-2022-24746	Medium	March 9, 2022 3/9/22	< 6.4.8.1
CVE-2022-24744	Low	March 9, 2022 3/9/22	< 6.4.8.1
Webcache Poisoning in shopware/platform and shopware/core	Critical	November 24, 2021 11/24/21	< 6.4.6.1
CVE-2021-37711	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37710	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37709	Medium	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37708	High	August 16, 2021 8/16/21	< 6.4.3.1
CVE-2021-37707	Medium	August 16, 2021 8/16/21	< 6.4.3.1
non-admin users can create integration role with administrator role	Medium	June 28, 2021 6/28/21	< 6.4.1.1
Internal hidden fields are visible on to many associations in admin api	Medium	June 28, 2021 6/28/21	< 6.4.1.1
Private files publicly accessible with Cloud Storage providers	High	June 28, 2021 6/28/21	< 6.4.1.1
Creation of order credits was not validated by acl in admin orders	Low	June 28, 2021 6/28/21	< 6.4.1.1
Canceling of orders not related to the logged-in user	Medium	June 28, 2021 6/28/21	< 6.4.1.1
After order payment process manipulation in shopware/platform and shopware/core	Critical	April 13, 2021 4/13/21	< 6.3.5.3
Leak of information via Store-API aggregations in shopware/platform and shopware/core	Critical	April 13, 2021 4/13/21	< 6.3.5.3
Authenticated Server Side Request Forgery	Low	December 21, 2020 12/21/20	< 6.3.4.1
Information exposure via query strings in URL	Low	December 21, 2020 12/21/20	< 6.3.4.1
Authenticated Privilege Escalation	Low	December 21, 2020 12/21/20	< 6.3.4.1
Denial of Service via Cache Flooding	Low	October 19, 2020 10/19/20	< 6.3.2.1
Authenticated XML External Entity Processing	Medium	October 19, 2020 10/19/20	< 6.3.2.1
Non-persistent XSS in the Storefront in Shopware	Low	September 23, 2020 9/23/20	< 6.3.1.1

‹
›

1
2
›

mautic / core

36 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-9824	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9823	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9822	Medium	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-9821	Low	September 3, 2025 9/3/25	>= 4.4.0 < 4.4.17 >= 5.0.0-alpha < 5.2.8 >= 6.0.0-alpha < 6.0.5
CVE-2025-5256	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47055	Medium	May 28, 2025 5/28/25	>= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47057	Medium	May 28, 2025 5/28/25	>= 1.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2024-47056	Medium	May 28, 2025 5/28/25	>= 4.4.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2025-5257	Medium	May 28, 2025 5/28/25	>= 4.0.0 < 4.4.16 >= 5.0.0-alpha < 5.2.6 >= 6.0.0-alpha < 6.0.2
CVE-2022-25773	Medium	February 26, 2025 2/26/25	< 5.2.3
CVE-2024-47053	High	February 26, 2025 2/26/25	>= 1.0.1 < 5.2.3
CVE-2024-47051	Critical	February 26, 2025 2/26/25	< 5.2.3
CVE-2022-25777	Medium	September 18, 2024 9/18/24	>= 1.0.0-beta4 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25769	High	September 18, 2024 9/18/24	< 3.3.5 >= 4.0.0 < 4.2.0
CVE-2022-25774	Low	September 18, 2024 9/18/24	< 4.4.12
CVE-2022-25775	Medium	September 18, 2024 9/18/24	>= 2.14.1 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2022-25776	High	September 18, 2024 9/18/24	>= 1.0.2 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27916	High	September 17, 2024 9/17/24	>= 3.3.0 < 4.4.12 >= 5.0.0-alpha < 5.0.4
CVE-2021-27915	High	September 17, 2024 9/17/24	>= 1.0.0-beta2 < 4.4.12
CVE-2022-25772	Critical	June 20, 2022 6/20/22	< 4.3.0
CVE-2021-27909	Medium	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27911	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27910	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27912	High	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27913	Low	August 30, 2021 8/30/21	< 3.3.4
CVE-2021-27908	Medium	March 23, 2021 3/23/21	< 3.3.2
CVE-2020-35125	Critical	February 9, 2021 2/9/21	< 2.16.5 >= 3.0.0 < 3.2.4
CVE-2020-35124	Critical	January 28, 2021 1/28/21	< 2.16.5 >= 3.0.0 < 3.2.4
CVE-2018-11200	Medium	September 20, 2019 9/20/19	< 2.14.0
CVE-2018-11198	Low	September 6, 2019 9/6/19	== 2.13.1 >= 2.13.1 < 2.14.0
CVE-2018-8092	High	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-8071	Low	April 18, 2018 4/18/18	< 2.13.0
CVE-2018-10189	Medium	April 17, 2018 4/17/18	< 2.13.0
CVE-2017-1000489	Medium	January 3, 2018 1/3/18	>= 2.0.0 < 2.12.0
CVE-2017-1000490	Low	January 3, 2018 1/3/18	>= 1.0.0 < 2.12.0
CVE-2017-1000488	Low	January 3, 2018 1/3/18	>= 2.1.0 < 2.12.0

bolt / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-40219	High		April 11, 2022 4/11/22	<= 4.2
CVE-2021-27367	High		February 17, 2021 2/17/21	< 4.1.13

ibexa / core

5 vulnerabilities found

Title	Severity	Date	Affected Version
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts	Medium	March 20, 2024 3/20/24	>= 4.5.0 < 4.5.6 >= 4.6.0 < 4.6.2
Ibexa DXP Download route allows filename change	Low	November 3, 2023 11/3/23	>= 4.5.0 < 4.5.4
Ibexa DXP users with the Company admin role can assign any role to any user	Critical	November 10, 2022 11/10/22	>= 4.2.0 < 4.2.3
Login timing attack in ibexa/core	Critical	June 2, 2022 6/2/22	>= 4.0.0 < 4.0.7 >= 4.1.0 < 4.1.4
Object state limitation has no effect	Critical	April 29, 2022 4/29/22	>= 4.0.0 < 4.0.5 >= 4.1.0 < 4.1.2

s-cart / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Low		September 23, 2025 9/23/25	<= 9.0.5
CVE-2022-21149	Medium		May 1, 2022 5/1/22	< 6.9

@angular / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-4231	Low		May 26, 2022 5/26/22	< 11.0.5 >= 11.1.0-next.0 < 11.1.0-next.3

concrete5 / core

9 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2022-30120	Medium	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-30117	Critical	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2022-21829	Critical	June 24, 2022 6/24/22	>= 9.0.0 < 9.1.0 < 8.5.8
CVE-2021-22968	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22970	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22966	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22967	High	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22969	Medium	November 19, 2021 11/19/21	< 8.5.7
CVE-2021-22951	High	November 19, 2021 11/19/21	< 8.5.7

@actions / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-35954	Medium		August 15, 2022 8/15/22	< 1.9.1
CVE-2020-15228	Low		October 1, 2020 10/1/20	< 1.2.6

@keystone-6 / core

5 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-46720	Low	May 5, 2025 5/5/25	< 6.5.0
CVE-2023-40027	Low	August 15, 2023 8/15/23	< 5.5.1
@keystone-6/core's bundled cuid package known to be insecure	Low	June 12, 2023 6/12/23	<= 5.3.1
CVE-2022-39382	Critical	November 3, 2022 11/3/22	>= 3.0.0 < 3.0.2
CVE-2022-39322	Critical	October 25, 2022 10/25/22	>= 2.2.0 < 2.3.1

badaso / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-52353	High	August 26, 2025 8/26/25	<= 2.9.11
CVE-2022-41705	Critical	November 25, 2022 11/25/22	< 2.7.0
CVE-2022-41711	Critical	October 25, 2022 10/25/22	< 2.6.1

flarum / core

8 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-27794	Medium	March 12, 2025 3/12/25	< 1.8.10
CVE-2024-21641	Medium	January 5, 2024 1/5/24	< 1.8.5
CVE-2023-40033	High	August 16, 2023 8/16/23	< 1.8.0
CVE-2023-27577	Medium	March 10, 2023 3/10/23	< 1.7.0
CVE-2023-22489	Low	January 13, 2023 1/13/23	>= 1.3.0 < 1.6.3
CVE-2023-22488	Medium	January 12, 2023 1/12/23	< 1.6.3
CVE-2022-41938	Critical	November 19, 2022 11/19/22	>= 1.5.0 < 1.6.2
CVE-2021-32671	Critical	June 7, 2021 6/7/21	>= 1.0.0 < 1.0.2

@sequelize / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-22580	Medium	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22578	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20
CVE-2023-22579	Critical	February 16, 2023 2/16/23	< 7.0.0-alpha.20

api-platform / core

6 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-31485	High	April 4, 2025 4/4/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2025-31481	High	April 4, 2025 4/4/25	>= 4.0.0-alpha.1 < 4.0.22 < 3.4.17 >= 4.1.0-alpha.1 < 4.1.5
CVE-2023-47639	Medium	April 3, 2025 4/3/25	>= 3.2.0 < 3.2.5
CVE-2025-23204	Medium	March 24, 2025 3/24/25	>= 3.3.8 < 3.3.15
CVE-2023-25575	High	February 28, 2023 2/28/23	>= 3.0.0 < 3.0.12 >= 3.1.0 < 3.1.3 >= 2.6.0 < 2.7.10
CVE-2019-1000011	Medium	February 4, 2019 2/4/19	>= 2.2.0 < 2.2.10 >= 2.3.0 < 2.3.6 >= 2.2.0 <= 2.3.5

@sap-cloud-sdk / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-41251	Medium		November 5, 2021 11/5/21	< 1.52.0
Improper Authorization in @sap-cloud-sdk/core	High		September 3, 2020 9/3/20	>= 1.19.0 < 1.21.2

@ionic / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Cross-Site Scripting in @ionic/core	High		September 3, 2020 9/3/20	< 4.0.3 >= 4.1.0 < 4.1.3 >= 4.2.0 < 4.2.1 >= 4.3.0 < 4.3.1

@tsed / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-7748	Medium		October 20, 2020 10/20/20	< 5.65.7

@vendure / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
@vendure/core's insecure currencyCode handling allows wrong payment amounts	Medium		November 17, 2023 11/17/23	< 2.1.3
Vendure Cross Site Request Forgery vulnerability impacting all API requests	Low		July 11, 2023 7/11/23	< 2.0.3

pimcore / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-5192	Medium		September 27, 2023 9/27/23	< 10.3.0

@scrypted / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`	High		February 16, 2024 2/16/24	<= 0.1.142
CVE-2023-47623	Medium		December 13, 2023 12/13/23	<= 0.1.142

fuel / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
fuel/core Crypt encryption compromised.	Medium		May 15, 2024 5/15/24	< 1.8.1
fuel/core ImageMagick driver does not escape all shell arguments.	High		May 15, 2024 5/15/24	< 1.8.0.4

org.verapdf / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-28109	High		March 28, 2024 3/28/24	< 1.24.2

contao / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
contao/core PHP object injection vulnerability allows for arbitrary code execution	High		May 15, 2024 5/15/24	>= 2.0.0 < 2.11.14 >= 3.0.0 < 3.2.5
contao/core Insufficient input validation allows for code injection and remote execution	Critical		May 15, 2024 5/15/24	>= 2.0.0 < 2.11.17 >= 3.0.0 < 3.2.9

@janhq / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2024-37273	Critical	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36857	High	June 4, 2024 6/4/24	<= 0.1.11
CVE-2024-36858	Critical	June 4, 2024 6/4/24	<= 0.1.11

@zenuml / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-38527	Medium		June 26, 2024 6/26/24	< 3.23.25

@zag-js / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2024-57079	High		February 6, 2025 2/6/25	< 0.82.2

@intlify / core

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-53892	Medium		July 16, 2025 7/16/25	>= 9.0.0 < 9.14.5 >= 10.0.0 < 10.0.8 >= 11.0.0 < 11.1.10
CVE-2025-27597	High		March 7, 2025 3/7/25	>= 9.1.0 < 9.1.11

@pkgr / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-54313	High		July 19, 2025 7/19/25	== 0.2.8 >= 0.2.8 < 0.2.9

com.ritense.valtimo / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-58059	Critical		August 28, 2025 8/28/25	< 12.16.0.RELEASE >= 13.0.0.RELEASE < 13.1.2.RELEASE

gp247 / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-57407	Low		September 23, 2025 9/23/25	< 1.1.24

@strapi / core

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-53092	Medium	October 16, 2025 10/16/25	< 5.20.0
CVE-2025-25298	Medium	October 16, 2025 10/16/25	< 5.10.3
CVE-2024-56143	High	October 16, 2025 10/16/25	>= 5.0.0 < 5.5.2

@hpke / core

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2025-64767	Critical		November 20, 2025 11/20/25	< 1.7.5

Vulnerability Database

317,182

Vulnerabilities for products matching "core"

ractf / core

mobileiron / core

formtools / core

onlyoffice / core

@nestjs / core

drupal / core

shopware / core

mautic / core

bolt / core

ibexa / core

s-cart / core

@angular / core

concrete5 / core

@actions / core

@keystone-6 / core

badaso / core

flarum / core

@sequelize / core

api-platform / core

@sap-cloud-sdk / core

@ionic / core

@tsed / core

@vendure / core

pimcore / core

@scrypted / core

fuel / core

org.verapdf / core

contao / core

@janhq / core

@zenuml / core

@zag-js / core

@intlify / core

@pkgr / core

com.ritense.valtimo / core

gp247 / core

@strapi / core

@hpke / core

Deep Security Visibility Without the Complexity