{"package":"reportico-web/reportico","ecosystem":"composer","latest_version":"8.1.0","description":"Reportico Open Source PHP Report Designer","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://www.reportico.org/","repository":"https://github.com/reportico-web/reportico","downloads_weekly":0,"health":{"score":33,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":16,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":1,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2024-31556","severity":"medium","summary":"Reportico Web fails to invalidate cookies upon logout","affected_versions":"<=8.1.0|=4.6|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.2|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=7.0.1-alpha|=7.0.10-alpha|=7.0.2-alpha|=7.0.3-alpha|=7.0.4-alpha|=7.0.5-alpha|=7.0.6-alpha|=7.0.7-alpha|=7.0.8-alpha|=7.0.9-alpha|=7.1.0-alpha|=7.1.1-alpha|=7.1.10-alpha|=7.1.11-alpha|=7.1.12-alpha|=7.1.13-alpha|=7.1.14-alpha|=7.1.15-alpha|=7.1.16-alpha|=7.1.17-alpha|=7.1.18-alpha|=7.1.19-beta|=7.1.2-alpha|=7.1.20-beta|=7.1.21-beta|=7.1.22-beta|=7.1.23-beta|=7.1.24-beta|=7.1.25-beta|=7.1.26-beta|=7.1.27-beta|=7.1.28-beta|=7.1.29-beta|=7.1.3-alpha|=7.1.30-beta|=7.1.31-beta|=7.1.32-beta|=7.1.33-beta|=7.1.34-beta|=7.1.35-beta|=7.1.36-beta|=7.1.37-beta|=7.1.38-beta|=7.1.39-beta|=7.1.4-alpha|=7.1.40-beta|=7.1.41-beta|=7.1.42-beta|=7.1.5-alpha|=7.1.6-alpha|=7.1.7-alpha|=7.1.8-alpha|=7.1.9-alpha|=8.0.1|=8.0.2|=8.0.3|=8.1.0","fixed_version":null,"source":"osv","published_at":"2024-05-14T21:34:44Z","in_kev":false,"epss_prob":0.00083,"epss_percentile":0.23957,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-47438","severity":"high","summary":"SQL Injection vulnerability in Reportico Till","affected_versions":"<=8.1.0|=4.6|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.2|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=7.0.1-alpha|=7.0.10-alpha|=7.0.2-alpha|=7.0.3-alpha|=7.0.4-alpha|=7.0.5-alpha|=7.0.6-alpha|=7.0.7-alpha|=7.0.8-alpha|=7.0.9-alpha|=7.1.0-alpha|=7.1.1-alpha|=7.1.10-alpha|=7.1.11-alpha|=7.1.12-alpha|=7.1.13-alpha|=7.1.14-alpha|=7.1.15-alpha|=7.1.16-alpha|=7.1.17-alpha|=7.1.18-alpha|=7.1.19-beta|=7.1.2-alpha|=7.1.20-beta|=7.1.21-beta|=7.1.22-beta|=7.1.23-beta|=7.1.24-beta|=7.1.25-beta|=7.1.26-beta|=7.1.27-beta|=7.1.28-beta|=7.1.29-beta|=7.1.3-alpha|=7.1.30-beta|=7.1.31-beta|=7.1.32-beta|=7.1.33-beta|=7.1.34-beta|=7.1.35-beta|=7.1.36-beta|=7.1.37-beta|=7.1.38-beta|=7.1.39-beta|=7.1.4-alpha|=7.1.40-beta|=7.1.41-beta|=7.1.42-beta|=7.1.5-alpha|=7.1.6-alpha|=7.1.7-alpha|=7.1.8-alpha|=7.1.9-alpha|=8.0.1|=8.0.2|=8.0.3|=8.1.0","fixed_version":null,"source":"osv","published_at":"2024-03-28T00:31:37Z","in_kev":false,"epss_prob":0.00091,"epss_percentile":0.25446,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-48865","severity":"medium","summary":"Reportico affected by Incorrect Access Control","affected_versions":"<=8.1.0|=4.6|=6.0.0|=6.0.1|=6.0.10|=6.0.11|=6.0.12|=6.0.13|=6.0.14|=6.0.15|=6.0.16|=6.0.2|=6.0.3|=6.0.4|=6.0.5|=6.0.6|=6.0.7|=6.0.8|=6.0.9|=7.0.1-alpha|=7.0.10-alpha|=7.0.2-alpha|=7.0.3-alpha|=7.0.4-alpha|=7.0.5-alpha|=7.0.6-alpha|=7.0.7-alpha|=7.0.8-alpha|=7.0.9-alpha|=7.1.0-alpha|=7.1.1-alpha|=7.1.10-alpha|=7.1.11-alpha|=7.1.12-alpha|=7.1.13-alpha|=7.1.14-alpha|=7.1.15-alpha|=7.1.16-alpha|=7.1.17-alpha|=7.1.18-alpha|=7.1.19-beta|=7.1.2-alpha|=7.1.20-beta|=7.1.21-beta|=7.1.22-beta|=7.1.23-beta|=7.1.24-beta|=7.1.25-beta|=7.1.26-beta|=7.1.27-beta|=7.1.28-beta|=7.1.29-beta|=7.1.3-alpha|=7.1.30-beta|=7.1.31-beta|=7.1.32-beta|=7.1.33-beta|=7.1.34-beta|=7.1.35-beta|=7.1.36-beta|=7.1.37-beta|=7.1.38-beta|=7.1.39-beta|=7.1.4-alpha|=7.1.40-beta|=7.1.41-beta|=7.1.42-beta|=7.1.5-alpha|=7.1.6-alpha|=7.1.7-alpha|=7.1.8-alpha|=7.1.9-alpha|=8.0.1|=8.0.2|=8.0.3|=8.1.0","fixed_version":null,"source":"osv","published_at":"2024-04-12T00:30:26Z","in_kev":false,"epss_prob":0.00068,"epss_percentile":0.20678,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"8.1.0","total_count":75,"recent":["8.1.0","8.0.3","8.0.2","8.0.1","7.1.42-beta","7.1.41-beta","7.1.40-beta","7.1.39-beta","7.1.38-beta","7.1.37-beta","7.1.36-beta","7.1.35-beta","7.1.34-beta","7.1.33-beta","7.1.32-beta","7.1.31-beta","7.1.30-beta","7.1.29-beta","7.1.28-beta","7.1.27-beta"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2023-01-07T17:23:02+00:00","dependencies_count":7,"dependencies":["php","twig/twig","tecnickcom/tcpdf","szymach/c-pchart","spatie/browsershot","reportico/adodb-php","reportico/assetter"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (33/100) — verify manually","1 high severity vulnerabilities"],"use_version":"8.1.0","version_hint":null,"summary":"reportico-web/reportico@8.1.0 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":341,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":1210,"avg_days_between_releases":null,"release_velocity":"stale"}}