contao/core vulnerabilities

Contao Open Source CMS

Latest version: 3.5.40

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the contao/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • L
Security Issue
<3.5.39 Not available 15 Apr, 2019
  • M
Cross-site Scripting (XSS)
>=3.0.0, <3.5.32 Not available 22 Jan, 2018
  • M
SQL Injection
>=3.0.0, <3.5.31 Not available 04 Dec, 2017
  • H
Arbitrary File Inclusion
>=3.0.0, <3.5.28,>=4.0.0, <4.4.1 Not available 12 Jul, 2017
  • M
Cross-site Scripting (XSS)
>=3.0.0, <3.5.15 Not available 15 Jul, 2016
  • M
Directory Traversal
>=2.0.0, <3.0.0,>=3.0.0, <3.4.4 Not available 12 Feb, 2015
  • H
Arbitrary Code Execution
>=2.0.0, <2.11.17,>=3.0.0, <3.2.9 Not available 07 Apr, 2014
  • H
Arbitrary Code Execution
>=2.0.0, <2.11.16,>=3.0.0, <3.2.7 Not available 13 Feb, 2014