Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/flarum/framework

Simple forum software for building great communities.
https://github.com/flarum/framework

Low

GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5

Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: github
Published: 12 months ago

High

GSA_kwCzR0hTQS02N2M2LXE0ajQtaGNjZ84AA1WM

Flarum vulnerable to LFI and Blind SSRF via Avatar upload
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: github
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS12aG04LXd3cmYtM2djd84AAyE1

Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
Ecosystems: packagist
Packages: flarum/core
Source: github
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b

Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: github
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a

Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: github
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0yMm05LW0zd3ctNTNoM84AAw3Z

Flarum post mentions can be used to read any post on the forum without access control
Ecosystems: packagist
Packages: flarum/mentions
Source: github
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS03eDR3LWo5OHAtODU0eM4AAv_a

Cross site scripting vulnerability with discussion titles
Ecosystems: packagist
Packages: flarum/core
Source: github
Published: about 2 years ago