october/system vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.


Browse by ecosystem

npm, PyPI, Maven, Go, RubyGems, Cargo, NuGet, Composer, pub, Swift, GitHub Actions
CVE-ID | Severity | Package summary
CVE-2026-29179 | Low | october/system: October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
CVE-2026-27937 | Low | october/system: October CMS: Reflected XSS via DataTable Form Widget
CVE-2026-26067 | Medium | october/system: October CMS has Safe Mode Bypass via CSS Preprocessor Compilers
CVE-2026-24907 | Medium | october/system: October CMS has Stored XSS in Event Log Mail Preview
CVE-2026-24906 | Medium | october/system: October CMS has Stored XSS in Backend Editor Markup Classes
CVE-2025-61676 | Medium | october/system: October CMS Vulnerable to Stored XSS via Branding Styles
CVE-2025-61674 | Medium | october/system: October CMS Vulnerable to Stored XSS via Editor and Branding Styles
CVE-2024-51991 | Low | october/system: October CMS Allows Unprotected SVG Rename in Media Manager
CVE-2024-24764 | Low | october/system: October System module has an Open Redirect for Administrator Accounts
CVE-2024-25637 | Low | october/system: October System module has a Reflected XSS via X-October-Request-Handler Header
CVE-2023-44383 | Medium | october/system: October CMS stored XSS by authenticated backend user with improper configuration
CVE-2023-44382 | Critical | october/system: October CMS safe mode bypass using Twig sandbox escape
CVE-2023-44381 | Medium | october/system: October CMS safe mode bypass using Page template injection
CVE-2022-35944 | High | october/system: October CMS Safe Mode bypass leads to authenticated Remote Code Execution
CVE-2022-24800 | High | october/system: October CMS upload process vulnerable to RCE via Race Condition
CVE-2022-23655 | Medium | october/system: Missing server signature validation in OctoberCMS
CVE-2022-21705 | High | october/system: Authenticated remote code execution in October CMS
CVE-2021-32650 | High | october/system: october/system arbitrary code execution
CVE-2021-32649 | High | october/system: October/System authenticated file write leads to remote code execution
CVE-2021-41126 | High | october/october: Deleted Admin Can Sign In to Admin Interface
CVE-2021-29487 | High | october/system: October CMS auth bypass and account takeover
CVE-2021-32648 | High | october/system: Account Takeover in Octobercms
GHSA-V73W-R9XG-7CR9 | Medium | october/october: Use of insecure jQuery version in OctoberCMS
