{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","type":"composer","namespace":"getkirby","name":"cms","version":"5.4.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.0.0-alpha.1","latest_non_vulnerable_version":"6.0.0-alpha.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213032?format=json","vulnerability_id":"VCID-5acg-5t6t-5ybv","summary":"Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44177","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33309","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44177"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-9hx7-c53c-v6x8","reference_id":"GHSA-9hx7-c53c-v6x8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hx7-c53c-v6x8"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-9hx7-c53c-v6x8","reference_id":"GHSA-9hx7-c53c-v6x8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-9hx7-c53c-v6x8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-44177","GHSA-9hx7-c53c-v6x8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5acg-5t6t-5ybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213031?format=json","vulnerability_id":"VCID-jkcv-nc7m-j3dp","summary":"Kirby CMS's `pages.access` permission is not checked during rendering of page drafts","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44176","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10093","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44176"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/4.9.1","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/4.9.1"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-2xw4-v2wx-hqq9","reference_id":"GHSA-2xw4-v2wx-hqq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xw4-v2wx-hqq9"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-2xw4-v2wx-hqq9","reference_id":"GHSA-2xw4-v2wx-hqq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-2xw4-v2wx-hqq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41521?format=json","purl":"pkg:composer/getkirby/cms@4.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-44176","GHSA-2xw4-v2wx-hqq9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkcv-nc7m-j3dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213030?format=json","vulnerability_id":"VCID-ngz6-fm9j-4ucy","summary":"Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44175","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12414","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44175"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/4.9.1","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/4.9.1"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-5fhx-9q32-q257","reference_id":"GHSA-5fhx-9q32-q257","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fhx-9q32-q257"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-5fhx-9q32-q257","reference_id":"GHSA-5fhx-9q32-q257","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-5fhx-9q32-q257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41521?format=json","purl":"pkg:composer/getkirby/cms@4.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-44175","GHSA-5fhx-9q32-q257"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngz6-fm9j-4ucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213047?format=json","vulnerability_id":"VCID-qbq9-a8cw-5ugu","summary":"Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45334","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10093","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45334"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/4.9.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/4.9.1"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-39vq-49qm-r2mc","reference_id":"GHSA-39vq-49qm-r2mc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-39vq-49qm-r2mc"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-39vq-49qm-r2mc","reference_id":"GHSA-39vq-49qm-r2mc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-39vq-49qm-r2mc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41521?format=json","purl":"pkg:composer/getkirby/cms@4.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-45334","GHSA-39vq-49qm-r2mc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbq9-a8cw-5ugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213029?format=json","vulnerability_id":"VCID-xz7d-pny6-gkf7","summary":"Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44174","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21785","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44174"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/4.9.1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/4.9.1"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-86rh-h242-j8xp","reference_id":"GHSA-86rh-h242-j8xp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86rh-h242-j8xp"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-86rh-h242-j8xp","reference_id":"GHSA-86rh-h242-j8xp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-86rh-h242-j8xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41521?format=json","purl":"pkg:composer/getkirby/cms@4.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-44174","GHSA-86rh-h242-j8xp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz7d-pny6-gkf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/213049?format=json","vulnerability_id":"VCID-zuh5-yybj-h7er","summary":"Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45368","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19678","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45368"},{"reference_url":"https://github.com/getkirby/kirby","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/4.9.1","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/4.9.1"},{"reference_url":"https://github.com/getkirby/kirby/releases/tag/5.4.1","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/releases/tag/5.4.1"},{"reference_url":"https://github.com/advisories/GHSA-qvjf-922g-pj44","reference_id":"GHSA-qvjf-922g-pj44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvjf-922g-pj44"},{"reference_url":"https://github.com/getkirby/kirby/security/advisories/GHSA-qvjf-922g-pj44","reference_id":"GHSA-qvjf-922g-pj44","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/getkirby/kirby/security/advisories/GHSA-qvjf-922g-pj44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41521?format=json","purl":"pkg:composer/getkirby/cms@4.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/41523?format=json","purl":"pkg:composer/getkirby/cms@5.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}],"aliases":["CVE-2026-45368","GHSA-qvjf-922g-pj44"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuh5-yybj-h7er"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/getkirby/cms@5.4.1"}