Search for packages
| purl | pkg:composer/james-heinrich/getid3@1.9.8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9v5c-vpyh-hqaj
Aliases: CVE-2014-2053 GHSA-5v43-55m5-qr8f |
getID3 is vulnerable to XML External Entity (XXE) getID3() before 1.9.9, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. |
Affected by 1 other vulnerability. |
|
VCID-qgmm-hss9-tba2
Aliases: CVE-2021-40926 GHSA-x2gw-85w6-fjjw |
Cross-site scripting in demos/demo.mysqli.php in getID3 Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T10:29:52.134050+00:00 | GitLab Importer | Affected by | VCID-9v5c-vpyh-hqaj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/james-heinrich/getid3/CVE-2014-2053.yml | 37.0.0 |
| 2025-08-01T10:03:53.742266+00:00 | GitLab Importer | Affected by | VCID-qgmm-hss9-tba2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/james-heinrich/getid3/CVE-2021-40926.yml | 37.0.0 |