EUVD-2025-22731

Malicious code in bioql PyPI...

EUVD-2022-1316

Malicious code in bioql PyPI...

EUVD-2022-0495

Malicious code in bioql PyPI...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5862. Original Description A stored cross-site scripting XSS...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

PT-2025-30909 · Unknown · Codeigniter4

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 version 4.6.0 Description: A stored cross-site scripting XSS vulnerability exists in CodeIgniter4. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the debugbar time parameter...

CVE-2025-45406

CodeIgniter4 v4.6.0 is affected by a stored XSS vulnerability in the debugbar_time parameter. The issue is described as enabling arbitrary web scripts or HTML, with a note that the supplier disputes exploitability since the value of debugbar_time may not be controllable and data is escaped by the...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

CVE-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

GHSA-X5MQ-JJR3-VMX6 Missing validation of header name and value in codeigniter4/framework

Impact Lack of proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...

Missing validation of header name and value in codeigniter4/framework

Impact Lack of proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed...

Denial Of Service

codeigniter4/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient validation in the formatMessage function within the language, allowing an attacker to consume a large amount of memory on the server...

GHSA-39FP-MQMM-GXJ6 CodeIgniter4 DoS Vulnerability

Impact A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Patches Upgrade to v4.4.7 or later. See upgrading guide. Workarounds - Disabling Auto Routing prevents a known...

BIT-CODEIGNITER-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

BIT-CODEIGNITER-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

Sensitive Information Stored In Clear Text

codeigniter4 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing the secretKey for HMAC SHA256 authentication in a raw format. An attacker can exploit this flaw if they gain access to the database and then send requests impersonating any person in the system usi...

Information Disclosure

codeigniter4/shield is vulnerable to Information Disclosure. The vulnerability is due to improper masking of sensitive information in to the log table. An attacker can gain access to sensitive tokens if they can access the application logs...