{"id":677071,"name":"processwire/processwire","ecosystem":"packagist","description":"ProcessWire CMS/CMF","homepage":"https://processwire.com","licenses":"MPL-2.0","normalized_licenses":["MPL-2.0"],"repository_url":"https://github.com/processwire/processwire","keywords_array":["cms","Content management system","cmf","processwire"],"namespace":"processwire","versions_count":22,"first_release_published_at":"2016-09-23T12:39:25.000Z","latest_release_published_at":"2026-01-16T19:07:29.000Z","latest_release_number":"3.0.255","last_synced_at":"2026-06-29T01:13:48.412Z","created_at":"2022-04-07T10:46:50.062Z","updated_at":"2026-06-29T14:21:15.225Z","registry_url":"https://packagist.org/packages/processwire/processwire#","install_command":"composer require processwire/processwire","documentation_url":null,"metadata":{"funding":[]},"repo_metadata":{"uuid":"66832303","full_name":"processwire/processwire","owner":"processwire","description":"ProcessWire 3.x is a friendly and powerful open source CMS with a strong API. ","archived":false,"fork":false,"pushed_at":"2024-02-06T17:12:51.000Z","size":38242,"stargazers_count":876,"open_issues_count":45,"forks_count":185,"subscribers_count":72,"default_branch":"master","last_synced_at":"2024-02-06T18:30:43.828Z","etag":null,"topics":["cmf","cms","php","processwire"],"latest_commit_sha":null,"homepage":"https://processwire.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/processwire.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.TXT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-08-29T09:59:35.000Z","updated_at":"2024-02-06T18:30:51.997Z","dependencies_parsed_at":"2024-01-18T05:26:46.363Z","dependency_job_id":"2b9559f8-9a4c-4673-9a9f-2f1e9282e507","html_url":"https://github.com/processwire/processwire","commit_stats":{"total_commits":2302,"total_committers":33,"mean_commits":69.75757575757575,"dds":0.4018245004344049,"last_synced_commit":"6ff498f503db118d5b6c190b35bd937b38b80a77"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/processwire","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":184735703,"owners_count":11567118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"processwire","name":"ProcessWire","uuid":"944567","kind":"organization","description":"ProcessWire is an open source API-driven CMS and web application framework aimed at the needs of designers, developers and their clients.","email":null,"website":"https://processwire.com","location":null,"twitter":"processwire","company":null,"icon_url":"https://avatars.githubusercontent.com/u/944567?v=4","repositories_count":3,"last_synced_at":"2023-03-05T15:05:58.927Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/processwire","created_at":"2022-11-15T18:14:17.814Z","updated_at":"2023-03-05T15:05:58.963Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/processwire","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/processwire/repositories"},"tags":[{"name":"3.0.227","sha":"2ea60ee7d545f347a68bcfa5f6c4507e092f8aed","kind":"commit","published_at":"2023-09-12T14:59:21.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.227","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.227","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.227","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.227/manifests"},{"name":"3.0.226","sha":"fdb5a1994167a29ced4b4fe6e7fcb3b4b9ae9a42","kind":"commit","published_at":"2023-08-25T18:32:50.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.226","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.226","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.226","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.226/manifests"},{"name":"3.0.210","sha":"6ff498f503db118d5b6c190b35bd937b38b80a77","kind":"commit","published_at":"2023-01-06T18:28:52.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.210","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.210","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.210","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.210/manifests"},{"name":"3.0.200","sha":"3acd7709c1cfc1817579db00c2f608235bdfb1e7","kind":"commit","published_at":"2022-05-20T14:54:23.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.200","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.200","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.200","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.200/manifests"},{"name":"3.0.184","sha":"d78276e2c265f6b70384a13eb4febd4811a1db77","kind":"commit","published_at":"2021-08-27T17:48:48.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.184","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.184","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.184","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.184/manifests"},{"name":"3.0.165","sha":"d8945198f4a6a60dab23bd0462e8a6285369dcb9","kind":"commit","published_at":"2020-08-21T18:38:42.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.165","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.165","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.165","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.165/manifests"},{"name":"3.0.164","sha":"b429de71e33066f611b0bf6e2cc3782b7e5dafa3","kind":"commit","published_at":"2020-07-31T17:51:05.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.164","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.164","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.164","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.164/manifests"},{"name":"3.0.148","sha":"51629cdd5f381d3881133baf83e1bd2d9306f867","kind":"commit","published_at":"2020-01-02T17:06:16.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.148","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.148","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.148","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.148/manifests"},{"name":"3.0.123","sha":"649d2569abc10bac43e98ca98db474dd3d6603ca","kind":"commit","published_at":"2018-12-21T19:30:49.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.123","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.123","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.123","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.123/manifests"},{"name":"3.0.98","sha":"341342dc5b1c58012ae7cb26cffe2c57cd915552","kind":"commit","published_at":"2018-04-06T18:25:49.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.98","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.98","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.98","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.98/manifests"},{"name":"3.0.96","sha":"941ef5cb672079c6b87eea666d50cac11dfc45ed","kind":"commit","published_at":"2018-03-16T14:44:38.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.96","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.96","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.96","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.96/manifests"},{"name":"3.0.62","sha":"57b297fd1d828961b20ef29782012f75957d6886","kind":"commit","published_at":"2017-05-05T17:43:17.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.62","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.62","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.62","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.62/manifests"},{"name":"3.0.61","sha":"3fc9f69da75e1bc4a3f0842f12a57bd6a1b65099","kind":"commit","published_at":"2017-04-21T15:27:47.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.61","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.61","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.61","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.61/manifests"},{"name":"3.0.42","sha":"35df716082b779de0e53a3fcf7996403c49c9f8a","kind":"commit","published_at":"2016-11-25T19:58:02.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.42","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.42","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.42","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.42/manifests"},{"name":"3.0.41","sha":"d935e9b6995124d76e6fda17fd47ab46dc4d3a3c","kind":"commit","published_at":"2016-11-18T17:23:27.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.41","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.41","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.41","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.41/manifests"},{"name":"3.0.39","sha":"36984e4a057268b7a45b848e1b3b6ee757583459","kind":"commit","published_at":"2016-11-02T16:27:01.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.39","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.39","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.39","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.39/manifests"},{"name":"3.0.36","sha":"1c2d015e3322b4a923cc9f6e3b0dca11a55e23a5","kind":"commit","published_at":"2016-10-07T15:48:44.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.36","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.36","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.36","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.36/manifests"},{"name":"3.0.35","sha":"d698b38d030a47f0751488594088e5c84a611340","kind":"commit","published_at":"2016-09-30T16:51:52.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.35","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.35","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.35","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.35/manifests"},{"name":"3.0.34","sha":"ac37212fe5ac22898354911ed9edb45fd535e56f","kind":"commit","published_at":"2016-09-23T12:39:25.000Z","download_url":"https://codeload.github.com/processwire/processwire/tar.gz/3.0.34","html_url":"https://github.com/processwire/processwire/releases/tag/3.0.34","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.34","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/tags/3.0.34/manifests"}]},"repo_metadata_updated_at":"2024-02-06T18:33:31.561Z","dependent_packages_count":30,"downloads":34241,"downloads_period":"total","dependent_repos_count":28,"rankings":{"downloads":6.661148605628423,"dependent_repos_count":2.0397297682854756,"dependent_packages_count":0.7030235105326167,"stargazers_count":0.38634916592385077,"forks_count":0.3282888738341797,"docker_downloads_count":null,"average":2.023707984840909},"purl":"pkg:composer/processwire/processwire","advisories":[{"uuid":"GSA_kwCzR0hTQS1nbXdyLTlqNHAtOTZ2bc4ABVWj","url":"https://github.com/advisories/GHSA-gmwr-9j4p-96vm","title":"ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature","description":"ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests to attacker-controlled internal or external hosts. Attackers can exploit differentiable error messages returned by the server to perform reliable internal network port scanning, host enumeration across RFC-1918 ranges, and potential access to cloud instance metadata endpoints.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-16T00:54:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2026-40500","https://gist.github.com/thepiyushkumarshukla/7514e5eed526fd9d20fcfc42ce8d0a82","https://processwire.com","https://www.vulncheck.com/advisories/processwire-cms-ssrf-via-add-module-from-url","https://github.com/advisories/GHSA-gmwr-9j4p-96vm"],"source_kind":"github","identifiers":["GHSA-gmwr-9j4p-96vm","CVE-2026-40500"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-16T23:00:09.237Z","updated_at":"2026-06-22T18:01:28.970Z","epss_percentage":0.00385,"epss_percentile":0.30131,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbXdyLTlqNHAtOTZ2bc4ABVWj","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nbXdyLTlqNHAtOTZ2bc4ABVWj","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.255"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbXdyLTlqNHAtOTZ2bc4ABVWj/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05cDQ0LXE2NnAteG02cM4ABNmk","url":"https://github.com/advisories/GHSA-9p44-q66p-xm6p","title":"ProcessWire CMS vulnerable to resource-exhaustion Denial of Service","description":"ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-10-21T18:30:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-60790","https://github.com/processwire/processwire-issues/issues/2120","https://github.com/NomanProdhan/security-vulnerability-research/tree/master/CVE-2025-60790","https://github.com/advisories/GHSA-9p44-q66p-xm6p"],"source_kind":"github","identifiers":["GHSA-9p44-q66p-xm6p","CVE-2025-60790"],"repository_url":"https://github.com/processwire/processwire-issues","blast_radius":8.248800778650649,"created_at":"2025-10-21T22:00:34.911Z","updated_at":"2026-06-22T18:03:38.053Z","epss_percentage":0.00395,"epss_percentile":0.31171,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cDQ0LXE2NnAteG02cM4ABNmk","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05cDQ0LXE2NnAteG02cM4ABNmk","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.246"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cDQ0LXE2NnAteG02cM4ABNmk/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yOXZ3LWNqZjkteGg0eM4AA-A3","url":"https://github.com/advisories/GHSA-r9vw-cjf9-xh4x","title":"ProcessWire Cross Site Request Forgery vulnerability","description":"Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-07-19T21:31:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.1,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-41597","https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md","https://github.com/advisories/GHSA-r9vw-cjf9-xh4x"],"source_kind":"github","identifiers":["GHSA-r9vw-cjf9-xh4x","CVE-2024-41597"],"repository_url":null,"blast_radius":3.0390318658186604,"created_at":"2024-07-19T23:05:21.332Z","updated_at":"2026-06-29T07:05:46.161Z","epss_percentage":0.00255,"epss_percentile":0.16832,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOXZ3LWNqZjkteGg0eM4AA-A3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yOXZ3LWNqZjkteGg0eM4AA-A3","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.229"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOXZ3LWNqZjkteGg0eM4AA-A3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s","url":"https://github.com/advisories/GHSA-2cvg-w29m-j8xc","title":"Arbitrary Code Execution in Processwire","description":"An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-01-24T21:30:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-24676","https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255","https://github.com/advisories/GHSA-2cvg-w29m-j8xc"],"source_kind":"github","identifiers":["GHSA-2cvg-w29m-j8xc","CVE-2023-24676"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-01-24T22:06:04.835Z","updated_at":"2026-06-23T16:08:07.035Z","epss_percentage":0.01312,"epss_percentile":0.6694,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.210"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1","url":"https://github.com/advisories/GHSA-vpwh-qmwc-2phg","title":"ProcessWire vulnerable to Cross-Site Request Forgery","description":"ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-10-31T19:00:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-40488","https://gist.github.com/filipaze/76138289ded98aa45dfcd939a8afd331","http://processwire.com","https://github.com/advisories/GHSA-vpwh-qmwc-2phg"],"source_kind":"github","identifiers":["GHSA-vpwh-qmwc-2phg","CVE-2022-40488"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:11:54.025Z","updated_at":"2026-06-20T04:09:28.029Z","epss_percentage":0.00273,"epss_percentile":0.18817,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.200"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cHdoLXFtd2MtMnBoZ84AAvm1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0","url":"https://github.com/advisories/GHSA-8g35-prrr-gxxf","title":"ProcessWire vulnerable to Cross-site Scripting","description":"ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-10-31T19:00:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-40487","https://gist.github.com/filipaze/32ab8683af8d82827028164e361b6e86","http://processwire.com","https://github.com/advisories/GHSA-8g35-prrr-gxxf"],"source_kind":"github","identifiers":["GHSA-8g35-prrr-gxxf","CVE-2022-40487"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:11:54.033Z","updated_at":"2026-06-20T04:09:28.029Z","epss_percentage":0.00406,"epss_percentile":0.3227,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0","packages":[{"ecosystem":"packagist","package_name":"processwire/processwire","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 3.0.200"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZzM1LXBycnItZ3h4Zs4AAvm0/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/packagist/processwire/processwire","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/packagist/processwire/processwire","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/packagist/processwire/processwire/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2024-02-02T18:58:30.841Z","issues_count":0,"pull_requests_count":108,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":13485560.358208954,"issues_closed_count":0,"pull_requests_closed_count":67,"pull_request_authors_count":43,"issue_authors_count":0,"avg_comments_per_issue":null,"avg_comments_per_pull_request":1.9444444444444444,"merged_pull_requests_count":0,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":22,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":3479276.5833333335,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":12,"past_year_pull_request_authors_count":15,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":1.9545454545454546,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/processwire%2Fprocesswire/issues"},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/processwire%2Fprocesswire/codemeta","maintainers":[{"uuid":"processwire","login":"processwire","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://packagist.org/users/processwire","role":null,"created_at":"2022-11-20T07:40:41.707Z","updated_at":"2022-11-20T07:40:41.707Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/processwire/packages"}]}