craftcms/cms vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-37843Criticalcraftcms/cms: Craft CMS SQL injection vulnerability via the GraphQL API endpointCVE-2023-36260Highcraftcms/cms: Craft CMS Feed-MeCVE-2024-21622Mediumcraftcms/cms: Craft CMS Privilege EscalationCVE-2023-41892Criticalcraftcms/cms: Craft CMS Remote Code Execution vulnerabilityCVE-2023-40035Highcraftcms/cms: Craft CMS vulnerable to Remote Code Execution via validatePath bypassCVE-2023-33495Mediumcraftcms/cms: Craft CMS vulnerable to HTML injectionCVE-2023-2817Mediumcraftcms/cms: Stored cross site scripting in Craft CMSCVE-2023-33197Mediumcraftcms/cms: Craft CMS stored XSS in indexedVolumesCVE-2023-33196Mediumcraftcms/cms: Craft CMS stored XSS in review volumeCVE-2023-33195Mediumcraftcms/cms: Craft CMS XSS in RSS widget feedCVE-2023-33194Lowcraftcms/cms: CraftCMS stored XSS in Quick Post widget error messageCVE-2023-32679Highcraftcms/cms: Craft CMS vulnerable to Remote Code Execution via unrestricted file extension CVE-2023-30130Highcraftcms/cms: CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameterCVE-2023-31144Mediumcraftcms/cms: craftcms/cms vulnerable to cross site scripting in RSS feed widgetCVE-2023-30177Mediumcraftcms/cms: Cross Site Scripting in CraftCMSCVE-2023-23927Mediumcraftcms/cms: Craft CMS Stored Cross-site Scripting Injection VulnerabilityCVE-2022-37783Highcraftcms/cms: Craft CMS discloses password hashesCVE-2022-37246Mediumcraftcms/cms: Craft CMS Cross-site Scripting vulnerabilityCVE-2022-37250Mediumcraftcms/cms: Craft CMS Stored Cross-site Scripting in User Addresses TitleCVE-2022-37248Mediumcraftcms/cms: Craft CMS Cross site Scripting vulnerabilityCVE-2022-37251Mediumcraftcms/cms: Craft CMS vulnerable to Cross-site Scripting via entry revisions and draftsCVE-2022-37247Mediumcraftcms/cms: Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields pageCVE-2020-19626Mediumcraftcms/cms: Craft CMS Cross-site Scripting VulnerabilityCVE-2019-15929Criticalcraftcms/cms: Craft CMS possibility of brute force attemptsCVE-2019-17496Mediumcraftcms/cms: Craft CMS XSS Vulnerability

Stop the waste.
Protect your environment with Kodem.