Browse Security Advisories
Security Advisories for contao/core-bundle in packagist Clear Filters
Moderate
10 days ago
Contao does not properly manage privileges for page and article fields
packagist
contao/contao, contao/core-bundle
Moderate
10 days ago
Contao can disclose sensitive information in the news module
packagist
contao/contao, contao/core-bundle
Moderate
10 days ago
Contao discloses sensitive information in the front end search index
packagist
contao/contao, contao/core-bundle
Moderate
10 days ago
Contao applies improper access control in the back end voters
packagist
contao/contao, contao/core-bundle
Moderate
6 months ago
Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads
packagist
contao/core-bundle
Moderate
12 months ago
Contao affected by insert tag injection via canonical URL
packagist
contao/core-bundle
Moderate
12 months ago
Contao affected by directory traversal in the file selector widget
packagist
contao/core-bundle
High
12 months ago
Contao affected by remote command execution through file upload
packagist
contao/core-bundle
Moderate
over 1 year ago
Contao: Cross site scripting in the file manager
packagist
contao/core-bundle
Moderate
over 1 year ago
Contao: Remember-me tokens will not be cleared after a password change
packagist
contao/core-bundle
High
over 1 year ago
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
packagist
contao/core-bundle
Critical
over 3 years ago
Contao SQL injection in the file manager
packagist
contao/core-bundle, contao/contao
Critical
over 3 years ago
Contao SQL injection in the backend and listing module
packagist
contao/listing-bundle, contao/core-bundle, contao/contao
High
over 3 years ago
Cross site scripting via canonical tag in Contao
packagist
contao/contao, contao/core-bundle
Critical
over 3 years ago
Contao Does Not Invalidate Existing Sessions When Password Changes
packagist
contao/core, contao/core-bundle, contao/contao
High
over 3 years ago
Contao Core directory traversal vulnerability
packagist
contao/core, contao/core-bundle, contao/contao
Critical
over 3 years ago
Contao Does Not Expire Tokens Correctly
packagist
contao/core-bundle, contao/contao
Moderate
over 3 years ago
Cross-site Scripting in Contao
packagist
contao/core-bundle, contao/core, contao/contao
Moderate
about 4 years ago
Cross site scripting via HTML attributes in the back end
packagist
contao/core-bundle, contao/contao
High
about 4 years ago
Privilege escalation via form generator
packagist
contao/contao, contao/core-bundle
Moderate
about 4 years ago
PHP file inclusion via insert tags
packagist
contao/contao, contao/core-bundle
Moderate
about 4 years ago
Cross site scripting in the system log
packagist
contao/contao, contao/core-bundle
Moderate
almost 5 years ago
Contao Insert tag injection in forms
packagist
contao/core-bundle, contao/contao
Moderate
over 5 years ago
Insert tag injection in the Contao login module
packagist
contao/contao, contao/core-bundle
Moderate
over 5 years ago
Information disclosure in the Contao backend
packagist
contao/contao, contao/core-bundle
High
over 5 years ago
Unrestricted file uploads in Contao
packagist
contao/contao, contao/core-bundle
Filter by Severity
Filter by Ecosystem
maven
6,834
packagist
5,402
pypi
4,922
npm
4,270
go
2,915
nuget
1,882
cargo
1,082
rubygems
929
actions
37
hex
37
swift
36
pub
10
Filter by Package
moodle/moodle
418
magento/community-edition
301
typo3/cms
190
pimcore/pimcore
120
dolibarr/dolibarr
116
typo3/cms-core
111
phpmyadmin/phpmyadmin
107
microweber/microweber
103
drupal/core
103
magento/project-community-edition
101
silverstripe/framework
92
librenms/librenms
83
drupal/drupal
83
thorsten/phpmyfaq
73
symfony/symfony
69
concrete5/concrete5
67
shopware/platform
58
craftcms/cms
53
mautic/core
48
baserproject/basercms
47
shopware/core
45
nilsteampassnet/teampass
42
showdoc/showdoc
41
mantisbt/mantisbt
41
froxlor/froxlor
40
intelliants/subrion
39
snipe/snipe-it
36
zendframework/zendframework1
34
shopware/shopware
30
getgrav/grav
30
contao/core-bundle
29
mediawiki/core
28
prestashop/prestashop
27
centreon/centreon
27
pocketmine/pocketmine-mp
25
magento/core
24
getkirby/cms
24
simplesamlphp/simplesamlphp
23
phpoffice/phpexcel
23
zendframework/zendframework
23
grumpydictator/firefly-iii
23
laravel/framework
23
remdex/livehelperchat
23
contao/contao
22
tribalsystems/zenario
22
phpoffice/phpspreadsheet
22
cockpit-hq/cockpit
20
funadmin/funadmin
20
topthink/framework
19
forkcms/forkcms
18
genix/cms
18
ezsystems/ezpublish-kernel
17
typo3/cms-backend
17
openmage/magento-lts
17
yetiforce/yetiforce-crm
17
opencart/opencart
17
symfony/security
17
cakephp/cakephp
17
francoisjacquet/rosariosis
17
october/system
16
phpbb/phpbb
16
silverstripe/cms
15
ec-cube/ec-cube
15
bolt/bolt
15
smarty/smarty
15
pimcore/admin-ui-classic-bundle
15
symfony/security-http
15
dompdf/dompdf
14
codeigniter4/framework
14
phpmailer/phpmailer
14
feehi/cms
14
modx/revolution
14
alextselegidis/easyappointments
13
studio-42/elfinder
13
lavalite/cms
13
yeswiki/yeswiki
13
phpmyfaq/phpmyfaq
13
impresscms/impresscms
13
sylius/sylius
13
admidio/admidio
13
elefant/cms
13
symfony/http-foundation
12
wwbn/avideo
12
wallabag/wallabag
12
leantime/leantime
11
feehi/feehicms
11
pagekit/pagekit
11
tinymce
11
yiisoft/yii2
11
TinyMCE
11
sulu/sulu
11
nukeviet/nukeviet
11
tinymce/tinymce
11
october/october
11
ezsystems/ezplatform-kernel
11
ssddanbrown/bookstack
10
spatie/browsershot
10
ezsystems/ezpublish-legacy
10
org.webjars:bootstrap
9
bootstrap
9
twbs/bootstrap
9
pterodactyl/panel
9
in2code/femanager
9
kevinpapst/kimai2
9
statamic/cms
9
pimcore/customer-management-framework-bundle
9
concrete5/core
9
billz/raspap-webgui
9
ezsystems/ezplatform-admin-ui
9
in2code/powermail
9
croogo/croogo
9
contao/core
9
bootstrap
9
twig/twig
9
bootstrap
9
silverstripe/graphql
8
facturascripts/facturascripts
8
gilacms/gila
8
flarum/core
8
starcitizentools/citizen-skin
8
joomla/joomla-cms
8
silverstripe/admin
8
codiad/codiad
8
composer/composer
8
october/cms
8
tecnickcom/tcpdf
8
directmailteam/direct-mail
8
wpglobus/wpglobus
7
redaxo/source
7
symfony/http-kernel
7
yiisoft/yii2-dev
7
passbolt/passbolt_api
7
bootstrap-sass
7
backdrop/backdrop
7
unopim/unopim
7
shopxo/shopxo
7
vrana/adminer
7
october/backend
7
bootstrap.sass
7
simplesamlphp/saml2
7
phpseclib/phpseclib
6
guzzlehttp/guzzle
6
api-platform/core
6
zoujingli/thinkadmin
6
bootstrap-sass
6
oro/platform
6
icecoder/icecoder
6
drupal/core-recommended
6
yourls/yourls
6
adodb/adodb-php
6
dweeves/magmi
6
bagisto/bagisto
6
nystudio107/craft-seomatic
6
gleez/cms
6
typo3/cms-install
6
pear/archive_tar
6
mautic/core-lib
5
symfony/security-core
5
ibexa/admin-ui
5
juzaweb/cms
5
elgg/elgg
5
ibexa/core
5
neos/neos
5
bottelet/flarepoint
5
typo3/flow
5
illuminate/database
5
silverstripe/assets
5
gugoan/economizzer
5
thinkcmf/thinkcmf
5
phpservermon/phpservermon
5
limesurvey/limesurvey
5
tcg/voyager
5
kimai/kimai
5
woocommerce/woocommerce
5
phpxmlrpc/phpxmlrpc
5
cachethq/cachet
5
anchorcms/anchor-cms
5
neos/flow
5
symfony/security-bundle
5
getformwork/formwork
5
ezsystems/ezplatform
4
wp-premium/gravityforms
4
drupal/ai
4
magento/product-community-edition
4
codeigniter/framework
4
bytefury/crater
4
livewire/livewire
4
evolutioncms/evolution
4
froala/wysiwyg-editor
4
pyrocms/pyrocms
4
league/commonmark
4
reportico-web/reportico
4
shopware/storefront
4
enshrined/svg-sanitize
4
typo3/cms-form
4
yiisoft/yii
4
ckeditor/ckeditor
4
bref/bref
4
pixelfed/pixelfed
4
codeigniter4/shield
4