silverstripe/framework vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-25GQ-JVX2-VG9XHighsilverstripe/framework: Silverstripe X-Forwarded-Host request hostname injectionGHSA-JQP8-V74P-G8PXMediumsilverstripe/framework: Silverstripe XSS in Director::force_redirect()GHSA-4H54-VWX9-3VR3Mediumsilverstripe/framework: Silverstripe XSS In FormActionGHSA-34Q6-XQXH-GQ39Mediumsilverstripe/framework: Silverstripe XSS In rewritten hash linksGHSA-88JP-9JRV-6368Mediumsilverstripe/framework: Silverstripe XSS In GridField printGHSA-R32J-MR8P-HFP8Mediumsilverstripe/framework: Silverstripe XSS in TreeDropdownField and TreeMultiSelectFieldGHSA-G43W-98WP-M694Mediumsilverstripe/framework: SilverStripe framework XML Quadratic Blowup AttackGHSA-5F5V-5C3V-GW5VMediumsilverstripe/framework: Silverstripe IE requests not properly behaving with rewritehashlinksCVE-2023-48714Mediumsilverstripe/framework: Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleterCVE-2023-32302Lowsilverstripe/framework: Silverstripe Framework: Members with no password can be created and bypass custom login formsCVE-2023-22728Mediumsilverstripe/framework: Missing permission check of canView in GridFieldPrintButtonCVE-2023-22729Mediumsilverstripe/framework: Open redirect vulnerability on CMSSecurity relogin screen CVE-2022-38148Highsilverstripe/framework: Blind SQL Injection via GridFieldSortableHeaderCVE-2022-38462Mediumsilverstripe/framework: Reflected XSS in querystring parametersCVE-2022-37429Mediumsilverstripe/framework: Stored XSS using HTMLEditorCVE-2022-37430Mediumsilverstripe/framework: Stored XSS using uppercase characters in HTMLEditorCVE-2022-38724Mediumsilverstripe/assets: Silverstripe XSS in shortcodesCVE-2021-41559Mediumsilverstripe/framework: Quadratic blowup in Convert::xml2array()CVE-2022-25238Mediumsilverstripe/framework: Stored XSS via HTML fields in SilverStripe FrameworkCVE-2022-28803Mediumsilverstripe/framework: Stored XSS in link tags added via XHR in SilverStripe FrameworkCVE-2020-25817Mediumsilverstripe/framework: SilverStripe XXE Vulnerability in CSSContentParserCVE-2020-9311Mediumsilverstripe/cms: Silverstripe CMS XSS VulnerabilityCVE-2020-6164Highsilverstripe/cms: Silverstripe CMS information disclosureCVE-2019-19326Mediumsilverstripe/framework: SilverStripe Web Cache Poisoning through HTTPRequestBuilderCVE-2020-9280Highsilverstripe/framework: SilverStripe Folders migrated from 3.x may be unsafe to upload to

Stop the waste.
Protect your environment with Kodem.