Search for packages
| purl | pkg:composer/james-heinrich/getid3@1.9.9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qgmm-hss9-tba2
Aliases: CVE-2021-40926 GHSA-x2gw-85w6-fjjw |
Cross-site scripting in demos/demo.mysqli.php in getID3 Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9v5c-vpyh-hqaj | getID3 is vulnerable to XML External Entity (XXE) getID3() before 1.9.9, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. |
CVE-2014-2053
GHSA-5v43-55m5-qr8f |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-02T12:42:40.230953+00:00 | GHSA Importer | Fixing | VCID-9v5c-vpyh-hqaj | https://github.com/advisories/GHSA-5v43-55m5-qr8f | 37.0.0 |
| 2025-08-01T10:29:52.138254+00:00 | GitLab Importer | Fixing | VCID-9v5c-vpyh-hqaj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/james-heinrich/getid3/CVE-2014-2053.yml | 37.0.0 |
| 2025-08-01T10:03:53.746894+00:00 | GitLab Importer | Affected by | VCID-qgmm-hss9-tba2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/james-heinrich/getid3/CVE-2021-40926.yml | 37.0.0 |
| 2025-07-31T09:07:35.069461+00:00 | GithubOSV Importer | Fixing | VCID-9v5c-vpyh-hqaj | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5v43-55m5-qr8f/GHSA-5v43-55m5-qr8f.json | 37.0.0 |