Vulnerability Database

318,638

Total vulnerabilities in the database

Vulnerabilities for products matching "framework"

Found 16 matching products. Filters apply to all results.

You can search for specific versions with /product/framework/1.2.3

horde / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2007-6018
Medium January 11, 2008 1/11/08
== 3.1.5

zend / framework

3 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2015-0270
Critical October 25, 2019 10/25/19
>= 2.3.0 < 2.3.5
< 2.2.10
CVE-2011-3825
Medium September 24, 2011 9/24/11
== 1.11.3
CVE-2009-4417
Medium December 24, 2009 12/24/09
== 0.9.0-beta
== 1.7.3
== 1.9.0-beta_1
== 1.9.2
== 1.7.5
== 1.0.0
== 0.1.3-preview
== 1.5.2
== 0.9.1-beta
== 0.8.0-preview
== 1.9.0-alpha_1
== 1.0.0-rc1
== 1.5.1
== 1.7.7
== 1.0.1
== 1.5.3
== 1.9
== 1.7.2
== 1.7.8
== 0.1.5-preview
<= 1.9.6
== 1.0.0-rc3
== 1.9.0-rc1
== 1.5.0
== 1.7.1
== 1.5.0-rc1
== 1.8.0-alpha_1
== 1.0.0-rc2
== 1.7.0
== 1.6.0-rc3
== 1.6.2
== 1.8.3
== 1.6.0-rc2
== 1.5.0-rc2
== 1.9.5
== 1.5.0-rc3
== 1.8.2
== 1.8.0-beta_1
== 1.8.0
== 1.6.1
== 1.0.2
== 1.7.0-preview
== 1.7.6
== 1.9.1
== 1.0.4
== 0.9.2-beta
== 1.9.0
== 0.9.3-beta
== 1.6.0
== 1.8.1
== 1.7.4
== 0.6.0-preview
== 1.9.3
== 0.1.4-preview
== 0.2.0-preview
== 1.9.4
== 1.6.0-rc1
== 1.8.4
== 0.7.0-preview
== 1.0.3
== 1.5.0-preview

themify / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2013-20002
Critical June 17, 2021 6/17/21
< 1.2.2

schben / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2019-14987
Low August 13, 2019 8/13/19
<= 2.0.7

adive / framework

5 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2024-4337
High April 30, 2024 4/30/24
== 2.0.8
CVE-2024-4336
High April 30, 2024 4/30/24
== 2.0.8
CVE-2020-7989
Medium January 26, 2020 1/26/20
== 2.0.8
CVE-2020-7990
Medium January 26, 2020 1/26/20
== 2.0.8
CVE-2020-7991
High January 26, 2020 1/26/20
== 2.0.8
Composer icon

laravel / framework

22 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2024-13918
Medium March 10, 2025 3/10/25
>= 11.9.0 < 11.36.0
CVE-2024-13919
Medium March 10, 2025 3/10/25
>= 11.9.0 < 11.36.0
CVE-2025-27515
Medium March 5, 2025 3/5/25
>= 12.0.0 < 12.1.1
>= 11.0.0 < 11.44.1
< 10.48.29
< 11.44.1
CVE-2024-52301
High November 12, 2024 11/12/24
< 6.20.45
>= 7.0.0 < 7.30.7
>= 8.0.0 < 8.83.28
>= 9.0.0 < 9.52.17
>= 10.0.0 < 10.48.23
>= 11.0.0 < 11.31.0
laravel framework SQL Injection via limit and offset functions
High May 15, 2024 5/15/24
>= 6.0.0 < 6.20.26
>= 7.0.0 < 7.30.5
>= 8.0.0 < 8.40.0
laravel framework Unexpected database bindings via requests
High May 15, 2024 5/15/24
>= 6.0.0 < 6.20.14
>= 7.0.0 < 7.30.4
>= 8.0.0 < 8.24.0
Laravel Guard bypass in Eloquent models
Medium May 15, 2024 5/15/24
>= 5.5.0 <= 5.5.49
>= 6.0.0 < 6.18.34
>= 7.0.0 < 7.23.2
Laravel RCE vulnerability in "cookie" session driver
Critical May 15, 2024 5/15/24
>= 4.1.0 < 6.18.31
>= 7.0.0 < 7.22.4
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Medium May 15, 2024 5/15/24
>= 7.0.0 < 7.1.2
Laravel Cookie serialization vulnerability
High May 15, 2024 5/15/24
>= 5.5.0 < 5.6.30
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Medium May 15, 2024 5/15/24
< 5.5.40
>= 5.6.0 < 5.6.15
Laravel Hijacked authentication cookies vulnerability
Medium May 15, 2024 5/15/24
>= 4.0.0 < 4.1.26
Laravel Risk of mass-assignment vulnerabilities
Medium May 15, 2024 5/15/24
>= 4.0.0 < 4.1.29
CVE-2022-40482
Medium April 25, 2023 4/25/23
>= 8.0.0 < 8.83.24
>= 9.0.0 < 9.32.0
CVE-2020-19316
High December 20, 2021 12/20/21
< 5.8.17
CVE-2021-43808
Medium December 8, 2021 12/8/21
< 6.20.42
>= 7.0.0 < 7.30.6
>= 8.0.0 < 8.75.0
CVE-2021-43617
Critical November 14, 2021 11/14/21
<= 8.70.2
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
High April 29, 2021 4/29/21
>= 8.0.0 < 8.40.0
< 6.20.26
Unexpected database bindings
High February 2, 2021 2/2/21
< 6.20.14
>= 7.0.0 < 7.30.4
>= 8.0.0 < 8.24.0
CVE-2021-21263
High January 19, 2021 1/19/21
< 6.20.12
>= 7.0.0 < 7.30.3
>= 8.0.0 < 8.22.1
CVE-2020-24941
High September 4, 2020 9/4/20
< 6.18.35
>= 7.0.0 < 7.24.0
CVE-2018-6330
Medium March 28, 2019 3/28/19
== 5.4.15
Composer icon

codeigniter4 / framework

13 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2025-54418
Critical July 28, 2025 7/28/25
< 4.6.2
CVE-2025-45406
Medium July 25, 2025 7/25/25
<= 4.6.2
CVE-2025-24013
Medium January 21, 2025 1/21/25
< 4.5.8
CVE-2024-29904
High March 29, 2024 3/29/24
< 4.4.7
CVE-2023-46240
High October 31, 2023 10/31/23
< 4.4.3
CVE-2023-32692
Critical May 30, 2023 5/30/23
< 4.3.5
CVE-2022-46170
High December 22, 2022 12/22/22
< 4.2.11
CVE-2022-23556
High December 22, 2022 12/22/22
< 4.2.11
CVE-2022-39284
Low October 6, 2022 10/6/22
< 4.2.7
CVE-2022-24712
Medium February 28, 2022 2/28/22
< 4.1.9
CVE-2022-24711
Critical February 28, 2022 2/28/22
< 4.1.9
CVE-2022-21715
Medium January 24, 2022 1/24/22
< 4.1.8
CVE-2022-21647
High January 4, 2022 1/4/22
< 4.1.6
Composer icon

silverstripe / framework

80 vulnerabilities found
Title Severity Exploit Date Affected Version
Silverstripe Framework user enumeration via timing attack on login and password reset forms
Medium April 10, 2025 4/10/25
>= 4.0.0 < 5.3.23
CVE-2025-30148
Medium April 10, 2025 4/10/25
< 5.3.23
<= 5.3.23
Reflected Cross Site Scripting (XSS) in error message
Low January 23, 2025 1/23/25
< 5.3.8
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Low January 14, 2025 1/14/25
< 5.3.8
CVE-2024-53277
Medium January 14, 2025 1/14/25
< 5.3.8
CVE-2024-47605
Medium January 14, 2025 1/14/25
< 5.3.8
CVE-2024-32981
Medium July 17, 2024 7/17/24
< 5.2.16
Silverstripe uses TinyMCE which allows svg files linked in object tags
Medium July 17, 2024 7/17/24
< 5.2.16
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High May 28, 2024 5/28/24
>= 4.0.0-rc1 < 4.0.6
>= 4.1.0-rc1 < 4.1.4
>= 4.2.0-rc1 < 4.2.3
silverstripe/framework has possible denial of service attack vector when flushing
High May 28, 2024 5/28/24
>= 4.0.0-rc1 < 4.0.5
>= 4.1.0-rc1 < 4.1.3
>= 4.2.0-rc1 < 4.2.2
silverstripe/framework may disclose database credentials during connection failure
Medium May 28, 2024 5/28/24
>= 3.7.0-rc1 < 3.7.1
>= 4.0.0-rc1 < 4.0.5
>= 4.1.0-rc1 < 4.1.3
>= 4.2.0-rc1 < 4.2.2
silverstripe/framework allows upload of dangerous file types
High May 27, 2024 5/27/24
>= 3.6.5-rc1 < 3.6.6
>= 4.0.3-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework vulnerable to member disclosure in login form
Medium May 27, 2024 5/27/24
>= 4.0.0-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework sends passwords back to browsers under some circumstances
Low May 27, 2024 5/27/24
>= 3.5.5-rc1 < 3.7.0
>= 4.0.3-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework uploaded PHP script execution in assets
Medium May 27, 2024 5/27/24
>= 4.0.0-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework code execution vulnerability
High May 27, 2024 5/27/24
>= 4.0.3-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework BackURL validation bypass with malformed URLs
High May 27, 2024 5/27/24
>= 4.0.0-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Medium May 27, 2024 5/27/24
>= 4.0.0-rc1 < 4.0.1
silverstripe/framework Privilege Escalation Risk in Member Edit form
Medium May 27, 2024 5/27/24
>= 3.5.7-rc1 < 3.5.8
>= 3.6.0-rc1 < 3.6.6
>= 4.0.0-rc1 < 4.0.4
>= 4.1.0-rc1 < 4.1.1
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Medium May 27, 2024 5/27/24
>= 4.0.0-rc1 < 4.0.4
>= 4.1.0rc1 < 4.1.1
silverstripe/framework SQL injection in full text search
High May 27, 2024 5/27/24
>= 3.5.0-rc1 < 3.5.6
>= 3.6.0-rc1 < 3.6.3
>= 4.0.0-rc1 < 4.0.1
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Medium May 27, 2024 5/27/24
>= 3.5.0-rc1 < 3.5.6
>= 3.6.0-rc1 < 3.6.3
>= 4.0.0-rc1 < 4.0.1
silverstripe/framework CSV Excel Macro Injection
High May 27, 2024 5/27/24
>= 3.5.0-rc1 < 3.5.6
>= 3.6.0-rc1 < 3.6.3
>= 4.0.0-rc1 < 4.0.1
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
High May 27, 2024 5/27/24
>= 3.5.0-rc1 < 3.5.5
>= 3.6.0-rc1 < 3.6.2
silverstripe/framework's User-Agent header not correctly invalidating user session
High May 27, 2024 5/27/24
>= 3.5.0-rc1 < 3.5.6
>= 3.6.0-rc1 < 3.6.3
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Medium May 27, 2024 5/27/24
>= 3.4.0-rc1 < 3.4.6
>= 3.5.0-rc1 < 3.5.4
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Medium May 27, 2024 5/27/24
>= 3.4.0-rc1 < 3.4.6
>= 3.5.0-rc1 < 3.5.4
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Medium May 27, 2024 5/27/24
>= 3.1.0-rc1 < 3.1.21
>= 3.2.0-rc1 < 3.2.6
>= 3.3.0-rc1 < 3.3.4
>= 3.4.0-rc1 < 3.4.2
silverstripe/framework has Cross-site Scripting vulnerability in page name
Medium May 27, 2024 5/27/24
>= 3.4.0-rc1 < 3.4.4
>= 3.5.0-rc1 < 3.5.2
silverstripe/framework member disclosure in login form
Medium May 27, 2024 5/27/24
>= 3.4.0-rc1 < 3.4.6
>= 3.5.0-rc1 < 3.5.4
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Medium May 27, 2024 5/27/24
>= 3.1.19-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework's `Member.Name` is not escaped
Medium May 27, 2024 5/27/24
>= 3.1.9-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low May 27, 2024 5/27/24
>= 3.1.19-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework missing ACL on reports
Medium May 27, 2024 5/27/24
>= 3.1.19-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Medium May 27, 2024 5/27/24
>= 3.1.19-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework password encryption salt not updated
Low May 27, 2024 5/27/24
>= 3.1.19-rc1 < 3.1.20
>= 3.2.4-rc1 < 3.2.5
>= 3.3.2-rc1 < 3.3.3
>= 3.4.0-rc1 < 3.4.1
silverstripe/framework ReadOnly transformation for formfields exploitable
Medium May 23, 2024 5/23/24
< 3.1.21
>= 3.2.0 < 3.2.6
>= 3.3.0 < 3.3.4
>= 3.4.0 < 3.4.2
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Medium May 23, 2024 5/23/24
>= 3.3.2 < 3.3.3
>= 3.4.0 < 3.4.1
Silverstripe Missing CSRF protection in login form
Medium May 23, 2024 5/23/24
>= 3.1.18 < 3.1.19
>= 3.2.3 < 3.2.4
>= 3.3.1 < 3.3.2
Silverstripe Brute force bypass on default admin
Critical May 23, 2024 5/23/24
>= 3.1.18 < 3.1.19
>= 3.2.3 < 3.2.4
>= 3.3.1 < 3.3.2
Silverstripe XSS in CMS Edit Page
Medium May 23, 2024 5/23/24
>= 3.1.18 < 3.1.19
>= 3.2.3 < 3.2.4
>= 3.3.1 < 3.3.2
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
Medium May 23, 2024 5/23/24
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Medium May 23, 2024 5/23/24
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
Silverstripe Missing security check on dev/build/defaults
Medium May 23, 2024 5/23/24
< 3.1.17
>= 3.2.0 < 3.2.2
>= 3.3.0-beta1 < 3.3.0
Silverstripe HtmlEditor embed url sanitisation
Medium May 23, 2024 5/23/24
>= 3.0.0 < 3.2.1
Silverstripe Form field validation message XSS vulnerability
Medium May 23, 2024 5/23/24
>= 3.0.0 < 3.1.16
>= 3.2.0 < 3.2.1
Silverstripe framework is vulnerable to XSS in install.php
Medium May 23, 2024 5/23/24
>= 3.1.0 < 3.1.14
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Medium May 23, 2024 5/23/24
>= 3.0.0 < 3.0.14
>= 3.1.0 < 3.1.13
Silverstripe XSS in dev/build returnURL Parameter
Medium May 23, 2024 5/23/24
< 3.1.14
Silverstripe External redirection risk in Security?ReturnURL
Medium May 23, 2024 5/23/24
< 3.0.14
>= 3.1.0 < 3.1.13
Composer icon

topthink / framework

10 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2025-50706
Critical August 5, 2025 8/5/25
<= 5.1.41
CVE-2024-34467
Medium May 4, 2024 5/4/24
>= 8.0.0 < 8.0.4
>= 6.1.0 < 6.1.5
< 6.0.17
CVE-2022-47945
Critical December 23, 2022 12/23/22
< 6.0.14
CVE-2022-44289
High December 6, 2022 12/6/22
<= 5.0.24
>= 5.1 <= 5.1.41
CVE-2022-38352
Critical September 15, 2022 9/15/22
<= 6.0.13
CVE-2022-33107
Critical June 29, 2022 6/29/22
<= 6.0.12
CVE-2021-23592
High May 6, 2022 5/6/22
< 6.0.12
CVE-2022-25481
High March 21, 2022 3/21/22
<= 5.0.24
CVE-2021-36564
Critical December 6, 2021 12/6/21
< 6.0.9
CVE-2021-36567
Critical December 6, 2021 12/6/21
<= 6.0.8

nuxt / framework

2 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2022-4414
Medium December 12, 2022 12/12/22
== 3.0.0-rc2
== 3.0.0-rc3
== 3.0.0-rc4
== 3.0.0-rc5
== 3.0.0-rc6
== 3.0.0-rc7
== 3.0.0-rc8
== 3.0.0-rc9
== 3.0.0-rc10
== 3.0.0-rc11
== 3.0.0-rc12
== 3.0.0-rc1
CVE-2022-4413
Medium December 12, 2022 12/12/22
== 3.0.0-rc2
== 3.0.0-rc3
== 3.0.0-rc4
== 3.0.0-rc5
== 3.0.0-rc6
== 3.0.0-rc7
== 3.0.0-rc8
== 3.0.0-rc9
== 3.0.0-rc10
== 3.0.0-rc11
== 3.0.0-rc12
== 3.0.0-rc1
Composer icon

matyhtf / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2021-43676
Critical December 3, 2021 12/3/21
< 3.0.6
Composer icon

codeigniter / framework

3 vulnerabilities found
Title Severity Exploit Date Affected Version
codeigniter/framework SQL injection in ODBC database driver
Critical May 15, 2024 5/15/24
< 3.1.0
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Medium May 15, 2024 5/15/24
< 3.0.3
CVE-2020-24950
High August 11, 2023 8/11/23
< 1.4.10
Composer icon

flarum / framework

3 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2025-27794
Medium March 12, 2025 3/12/25
< 1.8.10
CVE-2024-21641
Medium January 5, 2024 1/5/24
< 1.8.5
CVE-2023-40033
High August 16, 2023 8/16/23
< 1.8.0
Composer icon

titon / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Critical May 30, 2024 5/30/24
<= 0.1.0-alpha

basticom / framework

1 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2024-9443
Medium November 5, 2024 11/5/24
< 1.5.1

Showing vulnerabilities for 16 products matching "framework". Each product has independent pagination.