pkg:Packagist/flarum/core

9 total CVEs: CRITICAL 2, HIGH 1, MEDIUM 5, LOW 1

All known vulnerabilities

  • CRITICAL (10.0) CVE-2021-32671: XSS vulnerability with translator
    >= 1.0.0, < 1.0.2
  • CRITICAL (9.0) CVE-2022-41938: Cross site scripting vulnerability with discussion titles
    >= 1.5.0, < 1.6.2
  • HIGH (7.1) CVE-2023-40033: Flarum vulnerable to LFI and Blind SSRF via Avatar upload
    from 0, < 1.8.0
  • MEDIUM (6.8) CVE-2025-27794: Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
    from 0, < 1.8.10
  • MEDIUM (6.8) CVE-2023-22488: Flarum notifications can leak restricted content
    from 0, < 1.6.3
  • MEDIUM (6.5) CVE-2024-21641: Flarum's logout Route allows open redirects
    from 0, < 1.8.5
  • MEDIUM (6.5) CVE-2023-27577: Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
    from 0, < 1.7.0
  • MEDIUM (4.9) CVE-2026-41887: Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
    from 0, < 1.8.16
  • LOW (3.5) CVE-2023-22489: Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
    >= 1.3.0, < 1.6.3