flarum/framework Security Advisories (4)
-
[MEDIUM] Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
PKSA-p7h1-3152-gpfx CVE-2025-27794 GHSA-hg9j-64wp-m9px
Affected version: <1.8.10
Reported by:
GitHub -
[MEDIUM] Flarum's logout Route allows open redirects
PKSA-8vds-sy58-91p8 CVE-2024-21641 GHSA-733r-8xcp-w9mr
Affected version: <1.8.5
Reported by:
GitHub -
[HIGH] Flarum vulnerable to LFI and Blind SSRF via Avatar upload
PKSA-4zyn-nz6f-g7kq CVE-2023-40033 GHSA-67c6-q4j4-hccg
Affected version: <1.8.0
Reported by:
GitHub -
[MEDIUM] Flarum Core Leaks PII
PKSA-h3m8-h2km-bggc CVE-2018-19133 GHSA-p6m5-x83r-hqmr
Affected version: <=0.1.0-beta.7.1
Reported by:
GitHub