Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/statamic/cms@6.7.2
purl pkg:composer/statamic/cms@6.7.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-2nav-d5sc-buc2 CVE-2026-33885
GHSA-7f74-7q5w-hj4r
VCID-5ukf-bhcd-suhw Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. CVE-2026-28425
GHSA-cpv7-q2wx-m8rw
VCID-e9pw-5s2v-yqct CVE-2026-33882
GHSA-cvh3-23vq-w7h4
VCID-hnye-658u-yfcx CVE-2026-33884
GHSA-8vwx-ccf6-5wg2
VCID-s55s-2gzg-13c2 CVE-2026-33887
GHSA-4hp7-3wxg-cv9q
VCID-t5kq-pvrj-t7fy CVE-2026-33883
GHSA-3jg4-p23x-p4qx
VCID-x2e6-zs8r-syem CVE-2026-33886
GHSA-gcqf-5x9f-hq7f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:56:26.454502+00:00 GithubOSV Importer Fixing VCID-t5kq-pvrj-t7fy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3jg4-p23x-p4qx/GHSA-3jg4-p23x-p4qx.json 38.6.0
2026-05-31T10:56:20.845868+00:00 GithubOSV Importer Fixing VCID-hnye-658u-yfcx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-8vwx-ccf6-5wg2/GHSA-8vwx-ccf6-5wg2.json 38.6.0
2026-05-31T10:56:01.094434+00:00 GithubOSV Importer Fixing VCID-2nav-d5sc-buc2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-7f74-7q5w-hj4r/GHSA-7f74-7q5w-hj4r.json 38.6.0
2026-05-31T10:55:39.918646+00:00 GithubOSV Importer Fixing VCID-e9pw-5s2v-yqct https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cvh3-23vq-w7h4/GHSA-cvh3-23vq-w7h4.json 38.6.0
2026-05-31T10:54:53.703003+00:00 GithubOSV Importer Fixing VCID-5ukf-bhcd-suhw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cpv7-q2wx-m8rw/GHSA-cpv7-q2wx-m8rw.json 38.6.0
2026-05-31T10:54:53.520874+00:00 GithubOSV Importer Fixing VCID-x2e6-zs8r-syem https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-gcqf-5x9f-hq7f/GHSA-gcqf-5x9f-hq7f.json 38.6.0
2026-05-31T10:54:30.162892+00:00 GithubOSV Importer Fixing VCID-s55s-2gzg-13c2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-4hp7-3wxg-cv9q/GHSA-4hp7-3wxg-cv9q.json 38.6.0
2026-05-31T01:08:02.441812+00:00 GHSA Importer Fixing VCID-5ukf-bhcd-suhw https://github.com/advisories/GHSA-cpv7-q2wx-m8rw 38.6.0
2026-05-30T21:07:22.418115+00:00 GitLab Importer Fixing VCID-5ukf-bhcd-suhw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-28425.yml 38.6.0