pkg:Packagist/codeigniter4/framework

14 total CVEsCRITICAL3HIGH7MEDIUM3LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2025-54418CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability
    from 0, < 4.6.2
  • CRITICAL9.8CVE-2023-32692Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
    from 0, < 4.3.5
  • CRITICAL9.4CVE-2022-24711Remote CLI Command Execution Vulnerability in CodeIgniter4
    from 0, < 4.1.9
  • HIGH8.8CVE-2020-10793CodeIgniter Improper Privilege Management
    from 0, <= 4.0.0
  • HIGH8.6CVE-2022-46170CodeIgniter4 Potential Session Handlers Vulnerability
    from 0, < 4.2.11
  • HIGH7.7CVE-2022-21647Deserialization of Untrusted Data in Codeigniter4
    from 0, < 4.1.6
  • HIGH7.5CVE-2024-29904CodeIgniter4 DoS Vulnerability
    from 0, < 4.4.7
  • HIGH7.5CVE-2023-46240CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
    from 0, < 4.4.3
  • HIGH7.5CVE-2017-1000247CodeIgniter HTTP Header Injection
    >= 3.1.3, < 3.1.4
  • HIGH7.0CVE-2022-23556CodeIgniter4 allows spoofing of IP address when using proxy
    from 0, < 4.2.11
  • MEDIUM6.3CVE-2022-24712Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
    from 0, < 4.1.9
  • MEDIUM5.4CVE-2022-21715Cross-site Scripting Vulnerability in CodeIgniter4
    from 0, < 4.1.8
  • MEDIUM5.3CVE-2025-24013Missing validation of header name and value in codeigniter4/framework
    from 0, < 4.5.8
  • LOW2.6CVE-2022-39284Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
    from 0, < 4.2.7
Packagist/codeigniter4/framework — 14 CVEs · VulnScope