Search for packages
| purl | pkg:composer/topthink/framework@8.0.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-74ev-f8gq-j7h1
Aliases: CVE-2024-44902 GHSA-f4wh-359g-4pq7 |
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-grek-9pzd-kkdm
Aliases: CVE-2024-34467 GHSA-969f-v7jv-pgj3 |
ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T19:39:08.448599+00:00 | GitLab Importer | Affected by | VCID-74ev-f8gq-j7h1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/topthink/framework/CVE-2024-44902.yml | 38.6.0 |
| 2026-06-12T19:27:05.377986+00:00 | GitLab Importer | Affected by | VCID-grek-9pzd-kkdm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/topthink/framework/CVE-2024-34467.yml | 38.6.0 |
| 2026-06-11T20:34:37.880498+00:00 | GHSA Importer | Affected by | VCID-grek-9pzd-kkdm | https://github.com/advisories/GHSA-969f-v7jv-pgj3 | 38.6.0 |