Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:nuget/UmbracoCms@12.3.0
purl pkg:nuget/UmbracoCms@12.3.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-1rkh-7s4e-vyen Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue. CVE-2023-49089
GHSA-6324-52pr-h4p5
VCID-s3pr-pezb-4qf4 Incorrect Authorization Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available. CVE-2023-48227
GHSA-335x-5wcm-8jv2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:46:34.404637+00:00 GitLab Importer Fixing VCID-1rkh-7s4e-vyen https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/UmbracoCms/CVE-2023-49089.yml 38.6.0
2026-06-02T04:46:33.677236+00:00 GitLab Importer Fixing VCID-s3pr-pezb-4qf4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/UmbracoCms/CVE-2023-48227.yml 38.6.0