Security: craftcms/cms
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Potential RCE when PHP `register_argc_argv` config setting is enabled (GHSA-2p6p-9rc9-62j9), published Dec 18, 2024 by angrybrad. Severity: High
- Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution (GHSA-jrh5-vhr9-qh7q), published Nov 13, 2024 by angrybrad. Severity: High
- Potential Remote Code Execution via missing path normalization & Twig SSTI (GHSA-f3cw-hg6r-chfv), published Nov 13, 2024 by angrybrad. Severity: High
- Read Arbitrary System Files (GHSA-cw6g-qmjq-6w2w), published Nov 13, 2024 by angrybrad. Severity: High
- TOTP Token Stays Valid After Use (GHSA-wmx7-pw49-88jx), published Jul 25, 2024 by angrybrad. Severity: Moderate
- Stored XSS in breadcrumb list and title fields (GHSA-28h4-788g-rh42), published Sep 9, 2024 by angrybrad. Severity: Moderate
- Privilege Escalation (GHSA-j5g9-j7r4-6qvx), published Jan 3, 2024 by angrybrad. Severity: Moderate
- Remote Code Execution (GHSA-4w8r-3xrw-v25g), published Sep 13, 2023 by angrybrad. Severity: Critical
- Remote Code Execution via validatePath bypass (GHSA-44wr-rmwq-3phw), published Aug 19, 2023 by angrybrad. Severity: High
- Stored XSS in review volume (GHSA-cjmm-x9x9-m2w5), published May 25, 2023 by angrybrad. Severity: Moderate