Glossword versions 1.8.11 and below suffer from a local file inclusion vulnerability in index.php.
273810e74f9701aa30e1e70039f2f7af6379da4b285dca3890d3bf3bfde294e6
Agavi versions 1.0.0 Beta 5 and below suffer from a directory traversal vulnerability.
f94a970b9bbb5bdc2b10262340f879ac6a00f4778368f91d7ce16b462876a61f