Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
Paymenter has race condition in payWithCredit() that enables credit double-spend Moderate
CVE-2026-55219 was published for paymenter/paymenter (Composer) Jun 30, 2026
debibobo Credited to debibobo and CorwinDev CorwinDev CorwinDev
Paymenter has URL parameter injection that bypasses paid plan limits at checkout High
CVE-2026-47198 was published for paymenter/paymenter (Composer) Jun 30, 2026
debibobo Credited to debibobo and CorwinDev CorwinDev CorwinDev
Paymenter has broken object level authorization via service reference manipulation on ticket creation Moderate
CVE-2026-44585 was published for paymenter/paymenter (Composer) Jun 22, 2026
ljskatt Credited to ljskatt and CorwinDev CorwinDev CorwinDev
Paymenter doesn't reset email verification status after email change Moderate
CVE-2026-44584 was published for paymenter/paymenter (Composer) Jun 22, 2026
ljskatt Credited to ljskatt and CorwinDev CorwinDev CorwinDev
Paymenter has Blind Unauthenticated SSRF on the Paypal gateway module Moderate
CVE-2026-44583 was published for paymenter/paymenter (Composer) Jun 22, 2026
boomerangBS Credited to boomerangBS and CorwinDev CorwinDev CorwinDev
Paymenter vulnerable to Remote Code Execution via public file uploads Critical
CVE-2025-58048 was published for paymenter/paymenter (Composer) Jun 22, 2026
enigmaticious Credited to enigmaticious and CorwinDev CorwinDev CorwinDev
ProTip! Advisories are also available from the GraphQL API