craftcms/cms vulnerabilities

Craft CMS

Latest version: 3.6.14

Licenses detected

  • license: MIT < 1.2.2333, >= 1.0.26.1
  • license: Unknown >= 1.2.2333
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the craftcms/cms package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • M
Cross-site Scripting (XSS)
<3.6.13 Not available 09 May, 2021
  • M
Cross-site Scripting (XSS)
<3.1.33 Not available 29 Mar, 2021
  • M
Brute Force
<3.1.7 Not available 24 Oct, 2019
  • H
Cross-site Scripting (XSS)
<3.3.8 Not available 11 Oct, 2019
  • H
Information Exposure
<2.7.10,>=3.0.0, <3.2.6 Not available 26 Jul, 2019
  • M
Cross-site Scripting (XSS)
<3.1.31 Not available 18 Jun, 2019