Security: craftcms/cms
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Potential information disclosure via unchecked asset relocation (GHSA-53vf-c43h-j2x9), published Jan 3, 2026 by angrybrad. Severity: Moderate
- Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation (GHSA-x27p-wfqw-hfcc), published Jan 3, 2026 by angrybrad. Severity: High
- Potential authenticated Remote Code Execution via Twig SSTI (GHSA-742x-x762-7383), published Jan 3, 2026 by angrybrad. Severity: Moderate
- Potential authenticated Remote Code Execution via malicious attached Behavior (GHSA-255j-qw47-wjh5), published Jan 3, 2026 by angrybrad. Severity: Moderate
- Unauthenticated users can trigger a database backup (GHSA-v64r-7wg9-23pr), published Jan 3, 2026 by angrybrad. Severity: Moderate
- Potential Remote Code Execution via Twig SSTI (GHSA-crcq-738g-pqvc), published Aug 25, 2025 by angrybrad. Severity: Moderate
- Potential bypass for CVE-2025-23209 (GHSA-2vcf-qxv3-2mgw), published Aug 8, 2025 by angrybrad. Severity: Low
- Remote Code Execution (GHSA-f3gw-9ww9-jmc3), published Apr 24, 2025 by angrybrad. Severity: Critical
- Potential Remote Code Execution via Twig SSTI (GHSA-7c58-g782-9j38), published May 5, 2025 by angrybrad. Severity: High
- Potential RCE with a compromised security key (GHSA-x684-96hh-833x), published Jan 18, 2025 by angrybrad. Severity: High