Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/contao/core@2.0.0
purl pkg:composer/contao/core@2.0.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-5639-8xt3-8ugc
Aliases:
GMS-2014-36
Improper Input Validation Insufficient input validation allows for code injection and remote execution.
2.11.17
Affected by 5 other vulnerabilities.
3.2.9
Affected by 6 other vulnerabilities.
3.2.11
Affected by 6 other vulnerabilities.
VCID-7nh2-bb7m-3udz
Aliases:
GHSA-wq43-8r5p-w3mc
contao/core PHP object injection vulnerability allows for arbitrary code execution PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to `deserialize()` function.
2.11.14
Affected by 8 other vulnerabilities.
3.2.5
Affected by 9 other vulnerabilities.
VCID-m28p-n6vz-zuhw
Aliases:
GHSA-wxxw-5gq6-j2g5
contao/core Insufficient input validation allows for code injection and remote execution contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change pathconfig.php by entering a URL, meaning that the entire Contao installation will no longer be accessible or malicious code can be executed.
2.11.17
Affected by 5 other vulnerabilities.
3.2.9
Affected by 6 other vulnerabilities.
VCID-stup-et3v-5kgp
Aliases:
CVE-2015-0269
GHSA-4r6g-xhx7-fm36
Path Traversal Directory traversal vulnerability in Contao allows remote authenticated `back end` users to view files outside their file mounts or the document root via unspecified vectors.
3.0.0
Affected by 10 other vulnerabilities.
3.2.19
Affected by 6 other vulnerabilities.
3.4.4
Affected by 6 other vulnerabilities.
VCID-u721-yafq-bkc7
Aliases:
GMS-2014-35
Code Injection PHP object injection vulnerability allows for arbitrary code execution.
2.11.16
Affected by 7 other vulnerabilities.
3.2.7
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:43:00.653112+00:00 GHSA Importer Affected by VCID-7nh2-bb7m-3udz https://github.com/advisories/GHSA-wq43-8r5p-w3mc 38.6.0
2026-06-05T21:43:00.565921+00:00 GHSA Importer Affected by VCID-m28p-n6vz-zuhw https://github.com/advisories/GHSA-wxxw-5gq6-j2g5 38.6.0
2026-06-04T16:21:42.650356+00:00 GitLab Importer Affected by VCID-m28p-n6vz-zuhw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/GHSA-wxxw-5gq6-j2g5.yml 38.6.0
2026-06-04T16:21:42.482088+00:00 GitLab Importer Affected by VCID-7nh2-bb7m-3udz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/GHSA-wq43-8r5p-w3mc.yml 38.6.0
2026-06-02T04:36:55.045630+00:00 GitLab Importer Affected by VCID-stup-et3v-5kgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/CVE-2015-0269.yml 38.6.0
2026-06-02T04:36:14.778674+00:00 GitLab Importer Affected by VCID-5639-8xt3-8ugc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/GMS-2014-36.yml 38.6.0
2026-06-02T04:36:13.493564+00:00 GitLab Importer Affected by VCID-u721-yafq-bkc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core/GMS-2014-35.yml 38.6.0