Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/cakephp/cakephp@3.6.4
purl pkg:composer/cakephp/cakephp@3.6.4
Next non-vulnerable version 3.6.15
Latest non-vulnerable version 5.3.1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-2ggf-ncwr-tkea
Aliases:
CVE-2019-11458
GHSA-qhrx-hcm6-pmrw
3.6.15
Affected by 0 other vulnerabilities.
3.7.7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-18rn-zksv-h3e3 Cross-site Scripting XSS in some development error pages. GMS-2018-50
VCID-yxh5-mzgj-2fhe Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cakephp/cakephp. GHSA-xwhj-pqcg-8rcr
GMS-2023-72

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T21:34:58.365673+00:00 GHSA Importer Fixing VCID-yxh5-mzgj-2fhe https://github.com/advisories/GHSA-xwhj-pqcg-8rcr 38.6.0
2026-05-31T11:05:43.097980+00:00 GithubOSV Importer Fixing VCID-yxh5-mzgj-2fhe https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-xwhj-pqcg-8rcr/GHSA-xwhj-pqcg-8rcr.json 38.6.0
2026-05-31T10:01:03.423871+00:00 GitLab Importer Affected by VCID-2ggf-ncwr-tkea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/CVE-2019-11458.yml 38.6.0
2026-05-30T20:59:32.552797+00:00 GitLab Importer Fixing VCID-yxh5-mzgj-2fhe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2023-72.yml 38.6.0
2026-05-30T20:53:36.625220+00:00 GitLab Importer Fixing VCID-18rn-zksv-h3e3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/cakephp/cakephp/GMS-2018-50.yml 38.6.0