Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist

statamic/cms

packagist

The Statamic CMS Core Package

View on github.com · View on packagist.org

Security Advisories for statamic/cms in packagist

Moderate
15 days ago

Statamic CMS: Server-Side Request Forgery via Glide GSA_kwCzR0hTQS1wZjljLWNoOHItMjk1OM4ABXA2

packagist statamic/cms
Moderate
26 days ago

Statamic CMS vulnerable to email enumeration via forgot password endpoint GSA_kwCzR0hTQS1tMjR2LWY3ZzUtZ3E2N84ABWTk

packagist statamic/cms
High
about 2 months ago

Statamic: Unsafe method invocation via query value resolution allows data destruction GSA_kwCzR0hTQS00ampyLXZtdjctd2g0d84ABVZE

packagist statamic/cms
Moderate
2 months ago

Statamic allows unauthorized content access through missing authorization in its revision controllers GSA_kwCzR0hTQS00aHA3LTN3eGctY3Y5cc4ABUVW

packagist statamic/cms
Moderate
2 months ago

Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields GSA_kwCzR0hTQS1nY3FmLTV4OWYtaHE3Zs4ABUVV

packagist statamic/cms
Moderate
2 months ago

Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential GSA_kwCzR0hTQS03Zjc0LTdxNXctaGo0cs4ABUVU

packagist statamic/cms
Moderate
2 months ago

Statamic's live preview token bypasses content protection for unrelated entries GSA_kwCzR0hTQS04dnd4LWNjZjYtNXdnMs4ABUVT

packagist statamic/cms
Moderate
2 months ago

Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag GSA_kwCzR0hTQS0zamc0LXAyM3gtcDRxeM4ABUVS

packagist statamic/cms
Moderate
2 months ago

Statamic's Markdown preview endpoint exposes sensitive user data GSA_kwCzR0hTQS1jdmgzLTIzdnEtdzdoNM4ABUVR

packagist statamic/cms
Moderate
3 months ago

Statamic is missing authorization check on taxonomy term creation via fieldtype GSA_kwCzR0hTQS13aDNoLWd2YzQtY2MyZ84ABT0_

packagist statamic/cms
Moderate
3 months ago

Statamic has a path traversal in file dictionary fieldtype GSA_kwCzR0hTQS1xbTdyLXd3cTctNmY4Nc4ABT0-

packagist statamic/cms
High
3 months ago

Statamic has Stored XSS via SVG Sanitization Bypass GSA_kwCzR0hTQS03cmN2LTU1bWotY2hnN84ABT09

packagist statamic/cms
Moderate
3 months ago

Statamic vulnerable to privilege escalation via stored cross-site scripting GSA_kwCzR0hTQS1oY2NoLXc3M2MtanA0bc4ABTl6

packagist statamic/cms
High
3 months ago

Statamic vulnerable to privilege escalation via stored cross-site scripting GSA_kwCzR0hTQS01dnJqLXdmN3YtNXdyN84ABS7k

packagist statamic/cms
High
3 months ago

Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs GSA_kwCzR0hTQS1jcHY3LXEyd3gtbThyd84ABS7j

packagist statamic/cms
Moderate
3 months ago

Statamic's missing authorization allows access to email addresses GSA_kwCzR0hTQS13ODc4LWY4YzYtN3I2M84ABS7i

packagist statamic/cms
Moderate
3 months ago

Statamic Vulnerable to Server-Side Request Forgery via Glide GSA_kwCzR0hTQS1jd3BwLTMyNXEtMmN2cM4ABS7h

packagist statamic/cms
High
3 months ago

Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass GSA_kwCzR0hTQS1ydzl4LXB4cXgtcTc4Oc4ABS6z

packagist statamic/cms
Critical
3 months ago

Statamic is vulnerable to account takeover via password reset link injection GSA_kwCzR0hTQS1qeHE5LTc5dmotcmd2d84ABSzD

packagist statamic/cms
High
3 months ago

Statamic affected by privilege escalation via stored cross-site scripting GSA_kwCzR0hTQS04cjdyLWY0Z20td2Nwcc4ABSmo

packagist statamic/cms
High
4 months ago

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting GSA_kwCzR0hTQS1mZjlyLXd3OWMtNDN4OM4ABSPB

packagist statamic/cms
Moderate
4 months ago

Statamic CMS's missing authorization allows access to assets GSA_kwCzR0hTQS1nd214LTlnY2otMzMyaM4ABSPA

packagist statamic/cms
High
7 months ago

Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation GSA_kwCzR0hTQS1nNTlyLTI0ZzMtaDdjbc4ABOCu

packagist statamic/cms
Moderate
over 1 year ago

Statamic CMS has a Path Traversal in Asset Upload GSA_kwCzR0hTQS1wN2Y2LThtY20tZnd2M84ABBfv

packagist statamic/cms
Low
almost 2 years ago

Password confirmation stored in plain text via registration form in statamic/cms GSA_kwCzR0hTQS1xdnBqLXc3eGotcjZ3Oc4AA8mW

packagist statamic/cms
High
over 2 years ago

Statmic CMS vulnerable to account takeover via XSS and password reset link GSA_kwCzR0hTQS12cXhxLWh2eHctOW12Oc4AA4_z

packagist statamic/cms
High
over 2 years ago

Cross-site Scripting via uploaded assets GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2

packagist statamic/cms
High
over 2 years ago

Statamic CMS vulnerable to remote code execution via form uploads GSA_kwCzR0hTQS0ycjUzLTkyOTUtM204Ns4AA3K4

packagist statamic/cms
High
over 2 years ago

Statamic CMS remote code execution via front-end form uploads GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3

packagist statamic/cms
Moderate
almost 3 years ago

Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG GSA_kwCzR0hTQS02cjVnLWNxNHEtMzI3Z84AA0Xo

packagist statamic/cms
High
about 4 years ago

Statamic framework Incorrect Permission Assignment GSA_kwCzR0hTQS01bTY0LTlocTUtNXBmMs3zzg

packagist statamic/cms
Low
about 4 years ago

Discoverability of user password hash in Statamic CMS GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ

packagist statamic/cms

Filter by Severity

Moderate 16 High 13 Low 2 Critical 1