craftcms/cms
packagist · Craft CMS · Repository · Package
Security Advisories for craftcms/cms in packagist
Moderate
about 1 month ago
Craft CMS Potential Remote Code Execution via Twig SSTI
packagist
craftcms/cms
Moderate
about 2 months ago
Craft CMS has a theoretical bypass for CVE-2025-23209
packagist
craftcms/cms
Moderate
5 months ago
Craft CMS stores arbitrary content provided by unauthenticated users in session files
packagist
craftcms/cms
High
5 months ago
Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI
packagist
craftcms/cms
High
8 months ago
Craft CMS has a potential RCE with a compromised security key
packagist
craftcms/cms
Critical
10 months ago
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
packagist
craftcms/cms
High
11 months ago
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
packagist
craftcms/cms
High
11 months ago
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
packagist
craftcms/cms
Moderate
about 1 year ago
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
packagist
craftcms/cms
Moderate
about 1 year ago
Craft CMS Allows TOTP Token To Stay Valid After Use
packagist
craftcms/cms
Critical
over 1 year ago
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
packagist
craftcms/cms
High
about 2 years ago
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
packagist
craftcms/cms
High
over 2 years ago
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
packagist
craftcms/cms
High
over 2 years ago
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
packagist
craftcms/cms
Moderate
over 2 years ago
craftcms/cms vulnerable to cross site scripting in RSS feed widget
packagist
craftcms/cms
Moderate
over 2 years ago
Craft CMS Stored Cross-site Scripting Injection Vulnerability
packagist
craftcms/cms
Moderate
about 3 years ago
Craft CMS Stored Cross-site Scripting in User Addresses Title
packagist
craftcms/cms
Moderate
about 3 years ago
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
packagist
craftcms/cms
Moderate
about 3 years ago
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
packagist
craftcms/cms