pkg:Debian/civicrm

8 total CVEs: CRITICAL 2, HIGH 2, MEDIUM 4

All known vulnerabilities

  • CRITICAL (9.8) CVE-2023-28115: PHAR deserialization allowing remote code execution
    from 0
  • CRITICAL (9.8) CVE-2018-1999022: PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickF…
    from 0, < 5.3.1+dfsg-1
  • HIGH (8.8) CVE-2020-36388: In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
    from 0, < 5.24.5+dfsg1-1
  • HIGH (7.5) CVE-2021-21252: Regular Expression Denial of Service in jquery-validation
    from 0
  • MEDIUM (6.1) CVE-2025-65187: A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field.
    from 0
  • MEDIUM (6.1) CVE-2025-3573: jquery-validation vulnerable to Cross-site Scripting
    from 0
  • MEDIUM (5.4) CVE-2023-25440: Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code…
    from 0
  • MEDIUM (4.3) CVE-2020-36389: In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
    from 0, < 5.28.4+dfsg1-1