FLAT-EAARH (MAL-2026-4770)
Use of software with malware In spip-pth-demo
5.2
Medium
Ecosystem: PyPI
Package: spip-pth-demo
FLAT-MC5SD (CVE-2026-48832)
Uncontrolled external site redirect In spip
1.1
Low
Ecosystem: Debian
Package: spip
FLAT-NYLZ3 (CVE-2026-8430)
Server side template injection In spip
7.2
High
Ecosystem: Debian
Package: spip
FLAT-Z6N9G (CVE-2026-8429)
Server side template injection In spip
8.0
High
Ecosystem: Debian
Package: spip
FLAT-F5EA4 (CVE-2026-33549)
Privilege escalation In spip
7.5
High
Ecosystem: Debian
Package: spip
FLAT-DNN4O (DSA-6174-1)
Insecure service configuration In spip
0.6
Low
Ecosystem: Debian
Package: spip
FLAT-B1S2W (DSA-6155-1)
Insecure service configuration In spip
0.6
Low
Ecosystem: Debian
Package: spip
FLAT-0T49O (CVE-2026-22206)
Remote command execution In spip
6.1
Medium
Ecosystem: Debian
Package: spip
FLAT-TTP29 (CVE-2026-22205)
Authentication mechanism absence or evasion In spip
7.7
High
Ecosystem: Debian
Package: spip
FLAT-FZ1J4 (CVE-2026-27475)
Insecure deserialization In spip
6.1
Medium
Ecosystem: Debian
Package: spip
FLAT-Q7XAB (CVE-2026-27472)
Server-side request forgery (SSRF) In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-9JY2N (CVE-2026-27474)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-O2NA2 (CVE-2026-27473)
Server side cross-site scripting In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-N062K (CVE-2026-26345)
Reflected cross-site scripting (XSS) In spip
6.1
Medium
Ecosystem: Debian
Package: spip
FLAT-I1RKE (CVE-2026-26223)
Server side cross-site scripting In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-YVTI8 (CVE-2025-71242)
Improper authorization control for web services In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-RTJP4 (CVE-2025-71244)
Uncontrolled external site redirect In spip
0.5
Low
Ecosystem: Debian
Package: spip
FLAT-AXDGV (CVE-2025-71241)
Server side cross-site scripting In spip
0.5
Low
Ecosystem: Debian
Package: spip
FLAT-QYGMI (CVE-2025-71240)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-H1TQ5 (CVE-2023-53900)
Insecure file upload In spip
1.1
Low
Ecosystem: Debian
Package: spip
FLAT-5D2YS (MAL-2025-33757)
Use of software with malware In spipad
5.2
Medium
Ecosystem: Npm
Package: spipad
FLAT-U4LZC (CVE-2024-8517)
Server side template injection In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-F6ZKK (CVE-2024-7954)
Lack of data validation In spip
2.7
Low
Ecosystem: Debian
Package: spip
FLAT-N1BY6 (DLA-3761-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-BFIUW (CVE-2024-23659)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-LPJYQ (CVE-2023-52322)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-RV3AL (DLA-3691-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-HAO87 (CVE-2023-39062)
Reflected cross-site scripting (XSS) In spipu/html2pdf
1.3
Low
Ecosystem: Packagist
Package: spipu/html2pdf
FLAT-A2AZS (DLA-3347-2)
Lack of data validation In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-TKHB9 (DSA-5367-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-9PZUA (CVE-2023-27372)
Lack of data validation In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-U9AGJ (CVE-2023-24258)
SQL injection - Code In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-K6DXS (DLA-3347-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-R85OP (DSA-5325-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-FFRGP (CVE-2022-37155)
Lack of data validation In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-UBYP5 (DSA-5190-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-MXA0H (DSA-5152-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-4586O (CVE-2022-28961)
SQL injection - Code In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-CSBMZ (CVE-2022-28959)
Reflected cross-site scripting (XSS) In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-FTV8Q (CVE-2022-28960)
Server side template injection In spip
9.1
Critical
Ecosystem: Debian
Package: spip
FLAT-ZS9HQ (DLA-2949-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-7OZMW (CVE-2022-26847)
Sensitive information sent insecurely In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-VP00G (CVE-2022-26846)
Server side template injection In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-M1ZUQ (DSA-5093-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-YY59O (CVE-2021-44123)
Insecure file upload In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-UHSLW (CVE-2021-44118)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-6UXN8 (CVE-2021-44122)
Cross-site request forgery In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-M42FN (CVE-2021-44120)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-Y1MPT (CVE-2021-45394)
Reflected cross-site scripting (XSS) In spipu/html2pdf
6.3
Medium
Ecosystem: Packagist
Package: spipu/html2pdf
FLAT-T31U2 (DLA-2867-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-NZZVL (DSA-5028-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-K4BP0 (DLA-2579-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-YJBSH (DSA-4853-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-FCO2O (DLA-2505-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-F3KZQ (DSA-4798-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-GCYKC (CVE-2020-28984)
Lack of data validation In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-E90CW (CVE-2019-19830)
Lack of data validation In spip
4.9
Medium
Ecosystem: Debian
Package: spip
FLAT-D6QY7 (DSA-4583-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-CIVLJ (DLA-1975-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-R7FL3 (DSA-4532-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-6BLZ4 (CVE-2019-16393)
Uncontrolled external site redirect In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-GNQP1 (CVE-2019-16391)
Improper authorization control for web services In spip
6.6
Medium
Ecosystem: Debian
Package: spip
FLAT-KUE8H (CVE-2019-16394)
Business information leak In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-RWPFA (CVE-2019-16392)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-XUFKP (CVE-2019-11071)
Lack of data validation In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-PMFW8 (DSA-4429-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-7YKEX (DSA-4228-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-AP2IM (CVE-2017-15736)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-NJXO1 (DSA-3890-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-HOV01 (CVE-2017-9736)
OS Command Injection In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-6PXIS (CVE-2016-7999)
Server-side request forgery (SSRF) In spip
5.7
Medium
Ecosystem: Debian
Package: spip
FLAT-GMVBP (CVE-2016-7998)
Lack of data validation In spip
6.3
Medium
Ecosystem: Debian
Package: spip
FLAT-66WP9 (CVE-2016-7980)
Cross-site request forgery In spip
6.1
Medium
Ecosystem: Debian
Package: spip
FLAT-5MSSJ (CVE-2016-7981)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-K42P4 (CVE-2016-7982)
Lack of data validation - Path Traversal In spip
4.9
Medium
Ecosystem: Debian
Package: spip
FLAT-QCNPJ (DLA-760-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-LBX9Y (CVE-2016-9997)
Server side cross-site scripting In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-G1HJ8 (CVE-2016-9998)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-W00KD (DLA-738-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-T6IZU (CVE-2016-9152)
Reflected cross-site scripting (XSS) In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-PMR3Y (DLA-695-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-WSIAT (CVE-2016-3154)
Server side template injection In spip
9.1
Critical
Ecosystem: Debian
Package: spip
FLAT-9W843 (CVE-2016-3153)
Server side template injection In spip
8.1
High
Ecosystem: Debian
Package: spip
FLAT-N2W8R (DSA-3518-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-HVO2I (CVE-2013-7303)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-RZORI (CVE-2013-4556)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-ZPJNX (CVE-2013-4555)
Insecure service configuration In spip
0.6
Low
Ecosystem: Debian
Package: spip
FLAT-KGE0E (CVE-2013-4557)
Lack of data validation In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-MM90B (DSA-2794-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-FI494 (CVE-2013-2118)
Excessive privileges In spip
5.8
Medium
Ecosystem: Debian
Package: spip
FLAT-0WKQF (DSA-2694-1)
Excessive privileges In spip
5.8
Medium
Ecosystem: Debian
Package: spip
FLAT-P0Y8M (CVE-2012-4331)
Lack of data validation In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-WUSLE (CVE-2012-2151)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-Y4S5Q (DSA-2461-1)
Server side cross-site scripting In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-QC03J (DSA-2349-1)
Lack of data validation - Path Traversal In spip
0.6
Low
Ecosystem: Debian
Package: spip
FLAT-4XIH4 (DSA-2229-1)
Lack of data validation - Type confusion In spip
1.2
Low
Ecosystem: Debian
Package: spip
FLAT-DN9J1 (CVE-2009-3041)
Improper authorization control for web services In spip
2.7
Low
Ecosystem: Debian
Package: spip
FLAT-0VEY9 (CVE-2008-5812)
Lack of data validation In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-2JWS6 (CVE-2008-5813)
SQL injection - Code In spip
1.3
Low
Ecosystem: Debian
Package: spip
FLAT-NHBHN (CVE-2007-4525)
Remote File Inclusion In spip
1.3
Low
Ecosystem: Debian
Package: spip