OSV - Open Source Vulnerabilities

GHSA-r3w8-2c5r-h9j9

Packagist/getkirby/cms

Kirby: `pages.access` permission is not checked in the `site/find` REST API route

2 hours ago

Fix available
Severity - 7.1 (High)

GHSA-89cp-7p28-jffg

Packagist/getkirby/cms

Kirby: Access to files of top-level drafts is not protected by permissions

2 hours ago

Fix available
Severity - 6.3 (Medium)

GHSA-whxw-24jc-cwmv

Packagist/getkirby/cms

Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header

2 hours ago

Fix available
Severity - 9.1 (Critical)

GHSA-wr9h-4r83-f4v6

Packagist/getkirby/cms

Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

2 hours ago

Fix available
Severity - 8.5 (High)

GHSA-4v4h-m2qq-ppgw

Packagist/getkirby/cms

Kirby: Request header injection in `Http\Remote`

2 hours ago

Fix available
Severity - 6.9 (Medium)

GHSA-rhj6-r49h-5932

Packagist/getkirby/cms

Kirby: Self cross-site scripting (self-XSS) in the writer field

2 hours ago

Fix available
Severity - 7.4 (High)

GHSA-23q2-54qv-rq5x

Packagist/getkirby/cms

Kirby: `pages.access` permission is not checked in the pages picker for parent pages

2 hours ago

Fix available
Severity - 5.3 (Medium)

GHSA-pmf8-g7c8-7v54

Packagist/getgrav/grav

Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr

2 hours ago

Fix available
Severity - 4.8 (Medium)

GHSA-2f86-9cp8-6hcf

Packagist/getgrav/grav

Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets

2 hours ago

Fix available
Severity - 6.8 (Medium)

DRUPAL-CORE-2026-009

Packagist/drupal/core

See record for full details

22 hours ago

Fix available

DRUPAL-CORE-2026-008

Packagist/drupal/core

See record for full details

22 hours ago

Fix available

DRUPAL-CORE-2026-007

Packagist/drupal/core

See record for full details

22 hours ago

Fix available

DRUPAL-CORE-2026-006

Packagist/drupal/core

See record for full details

22 hours ago

Fix available

DRUPAL-CORE-2026-005

Packagist/drupal/core

See record for full details

22 hours ago

Fix available

GHSA-hhpq-7wg4-36jm

Packagist/cakephp/authentication

CakePHP Authentication: Open redirect weakness via backslash bypass

22 hours ago

Fix available
Severity - 5.1 (Medium)

GHSA-m9cv-24rx-8mv7

Packagist/filament/forms

Filament: Disabled RichEditor field state can be used for XSS

22 hours ago

Fix available
Severity - 7.6 (High)