silverstripe/framework vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-256Q-HX8W-XCQXMediumsilverstripe/framework: Silverstripe Framework user enumeration via timing attack on login and password reset formsCVE-2025-30148Mediumsilverstripe/framework: Silverstripe Framework has a XSS vulnerability in HTML editorGHSA-74J9-XHQR-6QV3Lowsilverstripe/framework: Reflected Cross Site Scripting (XSS) in error messageGHSA-MQF3-QPC3-G26QLowsilverstripe/framework: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error messageCVE-2024-53277Mediumsilverstripe/framework: Silverstripe Framework has a XSS in form messagesCVE-2024-47605Mediumsilverstripe/framework: Silverstripe Framework has a XSS via insert media remote file oembedGHSA-52CW-PVQ9-9M5VMediumsilverstripe/framework: Silverstripe uses TinyMCE which allows svg files linked in object tagsCVE-2024-32981Mediumsilverstripe/framework: Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payloadGHSA-265Q-222X-52M6Highsilverstripe/framework: silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connectorGHSA-CWGQ-83W5-8JFQHighsilverstripe/framework: silverstripe/framework has possible denial of service attack vector when flushingGHSA-M2HH-2M46-X6J5Mediumsilverstripe/framework: silverstripe/framework may disclose database credentials during connection failureGHSA-VCG6-8FXC-X5CQHighsilverstripe/framework: silverstripe/framework allows upload of dangerous file typesGHSA-CRR3-H4M8-7F56Mediumsilverstripe/framework: silverstripe/framework vulnerable to member disclosure in login formGHSA-VH7Q-J8P5-2H4HLowsilverstripe/framework: silverstripe/framework sends passwords back to browsers under some circumstancesGHSA-F43J-8HQ4-2XJ9Mediumsilverstripe/framework: silverstripe/framework uploaded PHP script execution in assetsGHSA-VGXH-X8JV-HMFFHighsilverstripe/framework: silverstripe/framework code execution vulnerabilityGHSA-M5Q3-MVCR-GC5MHighsilverstripe/framework: silverstripe/framework BackURL validation bypass with malformed URLsGHSA-R3PR-FH25-WRFCMediumsilverstripe/framework: silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential formsGHSA-XPFF-C35G-J3CRMediumsilverstripe/framework: silverstripe/framework Privilege Escalation Risk in Member Edit formGHSA-55QG-6C4M-MW6GMediumsilverstripe/framework: silverstripe/framework's URL parameters `isDev` and `isTest` unguardedGHSA-XX4R-5265-48J6Highsilverstripe/framework: silverstripe/framework SQL injection in full text search GHSA-PH62-FV59-VF9HMediumsilverstripe/framework: silverstripe/framework users inadvertently passing sensitive data to LoginAttemptGHSA-MQJC-X563-C9Q8Highsilverstripe/framework: silverstripe/framework CSV Excel Macro InjectionGHSA-7M2V-X7RG-5HM5Highsilverstripe/framework: silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset formsGHSA-4QX8-J9VH-2628Highsilverstripe/framework: silverstripe/framework's User-Agent header not correctly invalidating user session

Stop the waste.
Protect your environment with Kodem.