{"package":"tcg/voyager","ecosystem":"composer","latest_version":"v1.8.0","description":"A Laravel Admin Package for The Control Group to make your life easier and steer your project in the right direction","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://voyager.devdojo.com/","repository":"https://github.com/thedevdojo/voyager","downloads_weekly":0,"health":{"score":0,"risk":"critical","breakdown":{"maintenance":5,"popularity":0,"security":8,"maturity":12,"community":2},"deprecated":true,"max_score":100},"vulnerabilities":{"count":4,"critical":1,"high":1,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2024-55417","severity":"medium","summary":"DevDojo Voyager Arbitrary File Write","affected_versions":"<=1.8.0|=v0.11.14|=v1.0.10|=v1.0.11|=v1.0.12|=v1.0.13|=v1.0.14|=v1.0.15|=v1.0.16|=v1.0.17|=v1.1.0|=v1.1.1|=v1.1.10|=v1.1.11|=v1.1.12|=v1.1.2|=v1.1.3|=v1.1.4|=v1.1.5|=v1.1.6|=v1.1.7|=v1.1.8|=v1.1.9|=v1.2.0|=v1.2.1|=v1.2.2|=v1.2.3|=v1.2.4|=v1.2.5|=v1.2.6|=v1.2.7|=v1.3.0|=v1.3.1|=v1.3.2|=v1.4.0|=v1.4.1|=v1.4.2|=v1.4.3|=v1.5.0|=v1.5.1|=v1.5.2|=v1.6.0|=v1.7|=v1.8.0","fixed_version":null,"source":"osv","published_at":"2025-01-30T15:31:39Z","in_kev":false,"epss_prob":0.2302,"epss_percentile":0.95932,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-55415","severity":"high","summary":"DevDojo Voyager vulnerable to path traversal","affected_versions":"<=1.8.0|=v0.11.14|=v1.0.10|=v1.0.11|=v1.0.12|=v1.0.13|=v1.0.14|=v1.0.15|=v1.0.16|=v1.0.17|=v1.1.0|=v1.1.1|=v1.1.10|=v1.1.11|=v1.1.12|=v1.1.2|=v1.1.3|=v1.1.4|=v1.1.5|=v1.1.6|=v1.1.7|=v1.1.8|=v1.1.9|=v1.2.0|=v1.2.1|=v1.2.2|=v1.2.3|=v1.2.4|=v1.2.5|=v1.2.6|=v1.2.7|=v1.3.0|=v1.3.1|=v1.3.2|=v1.4.0|=v1.4.1|=v1.4.2|=v1.4.3|=v1.5.0|=v1.5.1|=v1.5.2|=v1.6.0|=v1.7|=v1.8.0","fixed_version":null,"source":"osv","published_at":"2025-01-30T15:31:39Z","in_kev":false,"epss_prob":0.59706,"epss_percentile":0.98267,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2024-55416","severity":"low","summary":"DevDojo Voyager vulnerable to reflected Cross-site Scripting","affected_versions":"<=1.8.0|=v0.11.14|=v1.0.10|=v1.0.11|=v1.0.12|=v1.0.13|=v1.0.14|=v1.0.15|=v1.0.16|=v1.0.17|=v1.1.0|=v1.1.1|=v1.1.10|=v1.1.11|=v1.1.12|=v1.1.2|=v1.1.3|=v1.1.4|=v1.1.5|=v1.1.6|=v1.1.7|=v1.1.8|=v1.1.9|=v1.2.0|=v1.2.1|=v1.2.2|=v1.2.3|=v1.2.4|=v1.2.5|=v1.2.6|=v1.2.7|=v1.3.0|=v1.3.1|=v1.3.2|=v1.4.0|=v1.4.1|=v1.4.2|=v1.4.3|=v1.5.0|=v1.5.1|=v1.5.2|=v1.6.0|=v1.7|=v1.8.0","fixed_version":null,"source":"osv","published_at":"2025-01-30T15:31:39Z","in_kev":false,"epss_prob":0.01858,"epss_percentile":0.83104,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-32931","severity":"critical","summary":"DevDojo Voyager Argument Injection vulnerability","affected_versions":">=1.4.0,<=1.8.0|=v1.4.0|=v1.4.1|=v1.4.2|=v1.4.3|=v1.5.0|=v1.5.1|=v1.5.2|=v1.6.0|=v1.7|=v1.8.0","fixed_version":null,"source":"osv","published_at":"2025-04-14T18:31:49Z","in_kev":false,"epss_prob":0.00374,"epss_percentile":0.59076,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"v1.8.0","total_count":43,"recent":["v1.8.0","v1.7","v1.6.0","v1.5.2","v1.5.1","v1.5.0","v1.4.3","v1.4.2","v1.4.1","v1.4.0","v1.3.2","v1.3.1","v1.3.0","v1.2.7","v1.2.6","v1.2.5","v1.2.4","v1.2.3","v1.2.2","v1.2.1"]},"metadata":{"deprecated":true,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"2024-09-24T16:51:41+00:00","dependencies_count":7,"dependencies":["php","illuminate/support","intervention/image","laravel/ui","arrilot/laravel-widgets","league/flysystem","ext-json"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (0/100)","1 high severity vulnerabilities","Package is deprecated","1 critical vulnerabilities"],"use_version":"v1.8.0","version_hint":null,"summary":"tcg/voyager has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":4881,"is_archived":true,"stars":11819,"alerts":["single_active_maintainer_3m","archived_repo"]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":581,"avg_days_between_releases":null,"release_velocity":"stale"}}