from 0, < 3.0.0, >= 4.0.0, < 4.4.7, >= 4.5.0, < 4.5.4
HIGH 7.5 CVE-2020-9280 SilverStripe Folders migrated from 3.x may be unsafe to upload to
>= 4.0.0, < 4.5.0
from 0, < 4.10.9
MEDIUM 6.5 Hybridsessions does not expire session id on logout
from 0, < 2.4.0 | >= 2.5.0, <= 2.5.0
MEDIUM 6.5 Authentication bypass in SilverStripe GraphQL
from 0, < 4.6.0 | >= 4.6.0-rc1, <= 4.6.0-rc1
MEDIUM 6.1 Cross-site Scripting in SilverStripe Framework
>= 1.0.0, < 1.8.1, >= 1.9.0, < 4.8.1
MEDIUM 5.4 Silverstripe CMS Stored XSS in custom meta tags
>= 3.0.0, < 4.11.3
MEDIUM 5.4 Stored XSS in link tags added via XHR in SilverStripe Framework
from 0, < 4.10.9
MEDIUM 5.4 Silverstripe CMS XSS Vulnerability
>= 3.0.0, < 3.7.5
MEDIUM 5.3 Silverstripe has Incorrect Default Permissions
>= 3.2.0, < 3.2.4, >= 3.2.5, < 3.3.0, >= 4.5.0, < 4.5.3
MEDIUM 5.3 FormField with square brackets in field name skips validation
from 0, < 4.6.0 | >= 4.6.0-rc1, <= 4.6.0-rc1
MEDIUM 4.8 SilverStripe XXE Vulnerability in CSSContentParser
from 0, < 4.6.0 | >= 4.6.0-rc1, <= 4.6.0-rc1
MEDIUM 4.3 SilverStripe GraphQL Server permission checker not inherited by query subclass.
>= 3.0.0, < 3.4.1