Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/66530?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66530?format=api", "purl": "pkg:composer/statamic/cms@4.34.0", "type": "composer", "namespace": "statamic", "name": "cms", "version": "4.34.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.73.20", "latest_non_vulnerable_version": "6.18.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22753?format=api", "vulnerability_id": "VCID-2h8u-ckde-8fad", "summary": "Statamic is vulnerable to account takeover via password reset link injection\nAn attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf.\n\nThe attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27593", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0447", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27593" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/6fdd03324982848e8754f2edd2265262d361714e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/commit/6fdd03324982848e8754f2edd2265262d361714e" }, { "reference_url": "https://github.com/statamic/cms/commit/78e63dfcf705b116d5ac0f7f7f5a1a69be63d1be", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/commit/78e63dfcf705b116d5ac0f7f7f5a1a69be63d1be" }, { "reference_url": "https://github.com/statamic/cms/commit/b2be592ddfb588bcb88c9be454f3590e14b145b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/commit/b2be592ddfb588bcb88c9be454f3590e14b145b0" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.10" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.3.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.3.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27593", "reference_id": "CVE-2026-27593", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27593" }, { "reference_url": "https://github.com/advisories/GHSA-jxq9-79vj-rgvw", "reference_id": "GHSA-jxq9-79vj-rgvw", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jxq9-79vj-rgvw" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-jxq9-79vj-rgvw", "reference_id": "GHSA-jxq9-79vj-rgvw", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T20:55:56Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-jxq9-79vj-rgvw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73022?format=api", "purl": "pkg:composer/statamic/cms@5.73.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73023?format=api", "purl": "pkg:composer/statamic/cms@6.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.1" } ], "aliases": [ "CVE-2026-27593", "GHSA-jxq9-79vj-rgvw" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2h8u-ckde-8fad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329178?format=api", "vulnerability_id": "VCID-2nav-d5sc-buc2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15392", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33885" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-7f74-7q5w-hj4r", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:59:41Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-7f74-7q5w-hj4r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33885", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33885" }, { "reference_url": "https://github.com/advisories/GHSA-7f74-7q5w-hj4r", "reference_id": "GHSA-7f74-7q5w-hj4r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7f74-7q5w-hj4r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-33885", "GHSA-7f74-7q5w-hj4r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nav-d5sc-buc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/332476?format=api", "vulnerability_id": "VCID-3ecw-t3fm-3fh4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28238", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41175" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:56:00Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41175", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41175" }, { "reference_url": "https://github.com/advisories/GHSA-4jjr-vmv7-wh4w", "reference_id": "GHSA-4jjr-vmv7-wh4w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jjr-vmv7-wh4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/188518?format=api", "purl": "pkg:composer/statamic/cms@5.73.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/188519?format=api", "purl": "pkg:composer/statamic/cms@6.13.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.13.0" } ], "aliases": [ "CVE-2026-41175", "GHSA-4jjr-vmv7-wh4w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ecw-t3fm-3fh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22869?format=api", "vulnerability_id": "VCID-5ukf-bhcd-suhw", "summary": "Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs\nAn authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability.\n\nExploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40461", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28425" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.16" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.7.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.7.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28425", "reference_id": "CVE-2026-28425", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28425" }, { "reference_url": "https://github.com/advisories/GHSA-cpv7-q2wx-m8rw", "reference_id": "GHSA-cpv7-q2wx-m8rw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cpv7-q2wx-m8rw" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-cpv7-q2wx-m8rw", "reference_id": "GHSA-cpv7-q2wx-m8rw", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-02T19:36:43Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-cpv7-q2wx-m8rw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-28425", "GHSA-cpv7-q2wx-m8rw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ukf-bhcd-suhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19341?format=api", "vulnerability_id": "VCID-99m5-7a9g-2bef", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStatamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the \"copy password reset link\" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/177133/Statamic-CMS-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:19:41Z/" } ], "url": "http://packetstormsecurity.com/files/177133/Statamic-CMS-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0144", "scoring_system": "epss", "scoring_elements": "0.81035", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24570" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Feb/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:19:41Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Feb/17" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24570", "reference_id": "CVE-2024-24570", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24570" }, { "reference_url": "https://github.com/advisories/GHSA-vqxq-hvxw-9mv9", "reference_id": "GHSA-vqxq-hvxw-9mv9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vqxq-hvxw-9mv9" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9", "reference_id": "GHSA-vqxq-hvxw-9mv9", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:19:41Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67479?format=api", "purl": "pkg:composer/statamic/cms@4.46.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-t84q-nyyv-9kar" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@4.46.0" } ], "aliases": [ "CVE-2024-24570", "GHSA-vqxq-hvxw-9mv9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99m5-7a9g-2bef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22866?format=api", "vulnerability_id": "VCID-cdfx-dkc6-suha", "summary": "Statamic Vulnerable to Server-Side Request Forgery via Glide\nWhen Glide image manipulation is used in insecure mode (which is *not* the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal services, cloud metadata endpoints, and other hosts reachable from the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07467", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28423" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T21:48:27Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.11" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T21:48:27Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.4.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28423", "reference_id": "CVE-2026-28423", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28423" }, { "reference_url": "https://github.com/advisories/GHSA-cwpp-325q-2cvp", "reference_id": "GHSA-cwpp-325q-2cvp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwpp-325q-2cvp" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp", "reference_id": "GHSA-cwpp-325q-2cvp", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T21:48:27Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-cwpp-325q-2cvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73153?format=api", "purl": "pkg:composer/statamic/cms@5.73.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/73116?format=api", "purl": "pkg:composer/statamic/cms@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-5y64-24w6-1uev" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.4.0" } ], "aliases": [ "CVE-2026-28423", "GHSA-cwpp-325q-2cvp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdfx-dkc6-suha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22678?format=api", "vulnerability_id": "VCID-cz95-w9j3-mufn", "summary": "Statamic affected by privilege escalation via stored cross-site scripting\nStored XSS vulnerability in `html` fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02781", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27196" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/11ae40e62edd3da044d37ebf264757a09cc2347b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:59:04Z/" } ], "url": "https://github.com/statamic/cms/commit/11ae40e62edd3da044d37ebf264757a09cc2347b" }, { "reference_url": "https://github.com/statamic/cms/commit/6c270dacc2be02bfc2eee500766f3309f59d47b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:59:04Z/" } ], "url": "https://github.com/statamic/cms/commit/6c270dacc2be02bfc2eee500766f3309f59d47b3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27196", "reference_id": "CVE-2026-27196", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27196" }, { "reference_url": "https://github.com/advisories/GHSA-8r7r-f4gm-wcpq", "reference_id": "GHSA-8r7r-f4gm-wcpq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r7r-f4gm-wcpq" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-8r7r-f4gm-wcpq", "reference_id": "GHSA-8r7r-f4gm-wcpq", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:59:04Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-8r7r-f4gm-wcpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72951?format=api", "purl": "pkg:composer/statamic/cms@5.73.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/72950?format=api", "purl": "pkg:composer/statamic/cms@6.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-5y64-24w6-1uev" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-ecbj-1cp6-hbba" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.3.2" } ], "aliases": [ "CVE-2026-27196", "GHSA-8r7r-f4gm-wcpq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cz95-w9j3-mufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18880?format=api", "vulnerability_id": "VCID-dehx-x78k-7uf5", "summary": "Cross-site Scripting via uploaded assets\nStatamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the \"Forms\" feature containing an assets field, or within the control panel which requires authentication. This issue has been patched on 3.4.15 and 4.36.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00953", "scoring_system": "epss", "scoring_elements": "0.76719", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48701" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v3.4.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v3.4.15" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v4.36.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v4.36.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48701", "reference_id": "CVE-2023-48701", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48701" }, { "reference_url": "https://github.com/advisories/GHSA-8jjh-j3c2-cjcv", "reference_id": "GHSA-8jjh-j3c2-cjcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jjh-j3c2-cjcv" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv", "reference_id": "GHSA-8jjh-j3c2-cjcv", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-8jjh-j3c2-cjcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66648?format=api", "purl": "pkg:composer/statamic/cms@4.36.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-99m5-7a9g-2bef" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-t84q-nyyv-9kar" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@4.36.0" } ], "aliases": [ "CVE-2023-48701", "GHSA-8jjh-j3c2-cjcv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dehx-x78k-7uf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329175?format=api", "vulnerability_id": "VCID-e9pw-5s2v-yqct", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22006", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33882" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-cvh3-23vq-w7h4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:42Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-cvh3-23vq-w7h4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33882", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33882" }, { "reference_url": "https://github.com/advisories/GHSA-cvh3-23vq-w7h4", "reference_id": "GHSA-cvh3-23vq-w7h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvh3-23vq-w7h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-33882", "GHSA-cvh3-23vq-w7h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9pw-5s2v-yqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20720?format=api", "vulnerability_id": "VCID-fgyv-vuu6-vbhq", "summary": "Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation\nStored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users.\n\nThis affects:\n\n- Control panel users with permission to create or edit Collections and Taxonomies\n- Versions up to and including 5.22.0\n\nThe vulnerability can be exploited to:\n\n- Change a super admin's password (versions ≤ 5.21.0)\n- Change a super admin's email address to initiate password reset (version 5.22.0)\n- Gain unauthorized access to superadmin accounts\n\nThe attack requires:\n\n- An authenticated user with control panel and content creation permissions\n- A super admin to view the compromised content", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11536", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64112" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/e513751f433679ce698606e20c554a0c839987c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T17:57:49Z/" } ], "url": "https://github.com/statamic/cms/commit/e513751f433679ce698606e20c554a0c839987c1" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.22.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.22.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64112", "reference_id": "CVE-2025-64112", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64112" }, { "reference_url": "https://github.com/advisories/GHSA-g59r-24g3-h7cm", "reference_id": "GHSA-g59r-24g3-h7cm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g59r-24g3-h7cm" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-g59r-24g3-h7cm", "reference_id": "GHSA-g59r-24g3-h7cm", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T17:57:49Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-g59r-24g3-h7cm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70094?format=api", "purl": "pkg:composer/statamic/cms@5.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.22.1" } ], "aliases": [ "CVE-2025-64112", "GHSA-g59r-24g3-h7cm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgyv-vuu6-vbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/328614?format=api", "vulnerability_id": "VCID-fjkd-mnrz-hkh2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02713", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33177" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T16:49:16Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33177", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33177" }, { "reference_url": "https://github.com/advisories/GHSA-wh3h-gvc4-cc2g", "reference_id": "GHSA-wh3h-gvc4-cc2g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh3h-gvc4-cc2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189794?format=api", "purl": "pkg:composer/statamic/cms@5.73.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/189793?format=api", "purl": "pkg:composer/statamic/cms@6.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.0" } ], "aliases": [ "CVE-2026-33177", "GHSA-wh3h-gvc4-cc2g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjkd-mnrz-hkh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329177?format=api", "vulnerability_id": "VCID-hnye-658u-yfcx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10536", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33884" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-8vwx-ccf6-5wg2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T15:37:18Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-8vwx-ccf6-5wg2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33884" }, { "reference_url": "https://github.com/advisories/GHSA-8vwx-ccf6-5wg2", "reference_id": "GHSA-8vwx-ccf6-5wg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vwx-ccf6-5wg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-33884", "GHSA-8vwx-ccf6-5wg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnye-658u-yfcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22867?format=api", "vulnerability_id": "VCID-kctx-wwrz-eyab", "summary": "Statamic's missing authorization allows access to email addresses\nUser email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the “view users” permission.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13172", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28424" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T19:35:55Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.11" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T19:35:55Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.4.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28424", "reference_id": "CVE-2026-28424", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28424" }, { "reference_url": "https://github.com/advisories/GHSA-w878-f8c6-7r63", "reference_id": "GHSA-w878-f8c6-7r63", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w878-f8c6-7r63" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-w878-f8c6-7r63", "reference_id": "GHSA-w878-f8c6-7r63", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T19:35:55Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-w878-f8c6-7r63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73153?format=api", "purl": "pkg:composer/statamic/cms@5.73.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/73116?format=api", "purl": "pkg:composer/statamic/cms@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-5y64-24w6-1uev" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.4.0" } ], "aliases": [ "CVE-2026-28424", "GHSA-w878-f8c6-7r63" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kctx-wwrz-eyab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329180?format=api", "vulnerability_id": "VCID-s55s-2gzg-13c2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08507", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33887" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-4hp7-3wxg-cv9q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T18:54:14Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-4hp7-3wxg-cv9q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33887", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33887" }, { "reference_url": "https://github.com/advisories/GHSA-4hp7-3wxg-cv9q", "reference_id": "GHSA-4hp7-3wxg-cv9q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hp7-3wxg-cv9q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-33887", "GHSA-4hp7-3wxg-cv9q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s55s-2gzg-13c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22523?format=api", "vulnerability_id": "VCID-smz3-etqw-q7fv", "summary": "Statamic CMS's missing authorization allows access to assets\nUsers without permission to view assets are able are able to download them and view their metadata.\n\nLogged-out users and users without permission to access the control panel are unable to take advantage of this.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02597", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25633" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-12T21:19:30Z/" } ], "url": "https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a" }, { "reference_url": "https://github.com/statamic/cms/pull/13883", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/pull/13883" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-12T21:19:30Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.6" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.2.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-12T21:19:30Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.2.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25633", "reference_id": "CVE-2026-25633", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25633" }, { "reference_url": "https://github.com/advisories/GHSA-gwmx-9gcj-332h", "reference_id": "GHSA-gwmx-9gcj-332h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwmx-9gcj-332h" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-gwmx-9gcj-332h", "reference_id": "GHSA-gwmx-9gcj-332h", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-12T21:19:30Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-gwmx-9gcj-332h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72797?format=api", "purl": "pkg:composer/statamic/cms@5.73.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/72798?format=api", "purl": "pkg:composer/statamic/cms@6.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-5y64-24w6-1uev" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-ecbj-1cp6-hbba" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.2.5" } ], "aliases": [ "CVE-2026-25633", "GHSA-gwmx-9gcj-332h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smz3-etqw-q7fv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22871?format=api", "vulnerability_id": "VCID-sw5p-h53c-wkhb", "summary": "Statamic vulnerable to privilege escalation via stored cross-site scripting\nStored XSS vulnerability in svg and icon related components allow authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02198", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-28426" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v5.73.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-02T19:38:52Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v5.73.11" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v6.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-02T19:38:52Z/" } ], "url": "https://github.com/statamic/cms/releases/tag/v6.4.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28426", "reference_id": "CVE-2026-28426", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28426" }, { "reference_url": "https://github.com/advisories/GHSA-5vrj-wf7v-5wr7", "reference_id": "GHSA-5vrj-wf7v-5wr7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5vrj-wf7v-5wr7" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-5vrj-wf7v-5wr7", "reference_id": "GHSA-5vrj-wf7v-5wr7", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-02T19:38:52Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-5vrj-wf7v-5wr7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73153?format=api", "purl": "pkg:composer/statamic/cms@5.73.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/73116?format=api", "purl": "pkg:composer/statamic/cms@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-5y64-24w6-1uev" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.4.0" } ], "aliases": [ "CVE-2026-28426", "GHSA-5vrj-wf7v-5wr7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw5p-h53c-wkhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/329176?format=api", "vulnerability_id": "VCID-t5kq-pvrj-t7fy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10928", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33883" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-3jg4-p23x-p4qx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T18:56:43Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-3jg4-p23x-p4qx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33883", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33883" }, { "reference_url": "https://github.com/advisories/GHSA-3jg4-p23x-p4qx", "reference_id": "GHSA-3jg4-p23x-p4qx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3jg4-p23x-p4qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73155?format=api", "purl": "pkg:composer/statamic/cms@5.73.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/73156?format=api", "purl": "pkg:composer/statamic/cms@6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ecw-t3fm-3fh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.2" } ], "aliases": [ "CVE-2026-33883", "GHSA-3jg4-p23x-p4qx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5kq-pvrj-t7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/269982?format=api", "vulnerability_id": "VCID-t84q-nyyv-9kar", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.60089", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52600" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/" } ], "url": "https://github.com/statamic/cms/commit/0c07c10009a2439c8ee56c8faefd1319dc6e388d" }, { "reference_url": "https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/" } ], "url": "https://github.com/statamic/cms/commit/400875b20f40e1343699d536a432a6fc284346da" }, { "reference_url": "https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/" } ], "url": "https://github.com/statamic/cms/commit/4cc2c9bd0f39a93b3fc7e9ef0f12792576fd380d" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-20T16:41:07Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-p7f6-8mcm-fwv3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52600", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52600" }, { "reference_url": "https://github.com/advisories/GHSA-p7f6-8mcm-fwv3", "reference_id": "GHSA-p7f6-8mcm-fwv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p7f6-8mcm-fwv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187885?format=api", "purl": "pkg:composer/statamic/cms@5.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.17.0" } ], "aliases": [ "CVE-2024-52600", "GHSA-p7f6-8mcm-fwv3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t84q-nyyv-9kar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/328608?format=api", "vulnerability_id": "VCID-x5p5-ez6j-2qe8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33171" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-qm7r-wwq7-6f85", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-23T20:52:53Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-qm7r-wwq7-6f85" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33171", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33171" }, { "reference_url": "https://github.com/advisories/GHSA-qm7r-wwq7-6f85", "reference_id": "GHSA-qm7r-wwq7-6f85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm7r-wwq7-6f85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189794?format=api", "purl": "pkg:composer/statamic/cms@5.73.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/189793?format=api", "purl": "pkg:composer/statamic/cms@6.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.0" } ], "aliases": [ "CVE-2026-33171", "GHSA-qm7r-wwq7-6f85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5p5-ez6j-2qe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/328609?format=api", "vulnerability_id": "VCID-xj5k-a1we-7ffx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02668", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33172" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-7rcv-55mj-chg7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T13:46:09Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-7rcv-55mj-chg7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33172", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33172" }, { "reference_url": "https://github.com/advisories/GHSA-7rcv-55mj-chg7", "reference_id": "GHSA-7rcv-55mj-chg7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rcv-55mj-chg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189794?format=api", "purl": "pkg:composer/statamic/cms@5.73.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@5.73.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/189793?format=api", "purl": "pkg:composer/statamic/cms@6.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-x2e6-zs8r-syem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@6.7.0" } ], "aliases": [ "CVE-2026-33172", "GHSA-7rcv-55mj-chg7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj5k-a1we-7ffx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18805?format=api", "vulnerability_id": "VCID-1r77-f41m-gygc", "summary": "Statamic CMS vulnerable to remote code execution via form uploads\nStatamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the \"Forms\" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01048", "scoring_system": "epss", "scoring_elements": "0.77819", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48217" }, { "reference_url": "https://github.com/statamic/cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms" }, { "reference_url": "https://github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:01:51Z/" } ], "url": "https://github.com/statamic/cms/commit/4c6fe041e2203a8033e5949ce4a5d9d6c0ad2411" }, { "reference_url": "https://github.com/statamic/cms/commit/da28afde818d605179fbb63b96eabafabad876b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/commit/da28afde818d605179fbb63b96eabafabad876b6" }, { "reference_url": "https://github.com/statamic/cms/pull/8991", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/pull/8991" }, { "reference_url": "https://github.com/statamic/cms/pull/8992", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/pull/8992" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v3.4.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v3.4.14" }, { "reference_url": "https://github.com/statamic/cms/releases/tag/v4.34.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/statamic/cms/releases/tag/v4.34.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48217", "reference_id": "CVE-2023-48217", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48217" }, { "reference_url": "https://github.com/advisories/GHSA-2r53-9295-3m86", "reference_id": "GHSA-2r53-9295-3m86", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r53-9295-3m86" }, { "reference_url": "https://github.com/statamic/cms/security/advisories/GHSA-2r53-9295-3m86", "reference_id": "GHSA-2r53-9295-3m86", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-30T14:01:51Z/" } ], "url": "https://github.com/statamic/cms/security/advisories/GHSA-2r53-9295-3m86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66529?format=api", "purl": "pkg:composer/statamic/cms@3.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-99m5-7a9g-2bef" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-dehx-x78k-7uf5" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-t84q-nyyv-9kar" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@3.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/612587?format=api", "purl": "pkg:composer/statamic/cms@4.0.0-alpha.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-py47-fmfr-hbh6" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-t84q-nyyv-9kar" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@4.0.0-alpha.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66530?format=api", "purl": "pkg:composer/statamic/cms@4.34.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h8u-ckde-8fad" }, { "vulnerability": "VCID-2nav-d5sc-buc2" }, { "vulnerability": "VCID-3ecw-t3fm-3fh4" }, { "vulnerability": "VCID-5ukf-bhcd-suhw" }, { "vulnerability": "VCID-99m5-7a9g-2bef" }, { "vulnerability": "VCID-cdfx-dkc6-suha" }, { "vulnerability": "VCID-cz95-w9j3-mufn" }, { "vulnerability": "VCID-dehx-x78k-7uf5" }, { "vulnerability": "VCID-e9pw-5s2v-yqct" }, { "vulnerability": "VCID-fgyv-vuu6-vbhq" }, { "vulnerability": "VCID-fjkd-mnrz-hkh2" }, { "vulnerability": "VCID-hnye-658u-yfcx" }, { "vulnerability": "VCID-kctx-wwrz-eyab" }, { "vulnerability": "VCID-s55s-2gzg-13c2" }, { "vulnerability": "VCID-smz3-etqw-q7fv" }, { "vulnerability": "VCID-sw5p-h53c-wkhb" }, { "vulnerability": "VCID-t5kq-pvrj-t7fy" }, { "vulnerability": "VCID-t84q-nyyv-9kar" }, { "vulnerability": "VCID-x5p5-ez6j-2qe8" }, { "vulnerability": "VCID-xj5k-a1we-7ffx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@4.34.0" } ], "aliases": [ "CVE-2023-48217", "GHSA-2r53-9295-3m86" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r77-f41m-gygc" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/statamic/cms@4.34.0" }