pkg:Packagist/october/rain

6 total CVEsCRITICAL1MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2021-3311October CMS Session ID not invalidated after logout
    from 0, < 1.0.472
  • MEDIUM6.1CVE-2020-15128Reliance on Cookies without validation in OctoberCMS
    >= 1.0.319, < 1.0.468
  • MEDIUM5.4CVE-2017-15284OctoberCMS Cross-Site Scripting
    from 0, < 1.0.426
  • MEDIUM4.9CVE-2026-25125October Rain has Environment Variable Exfiltration via INI Parser Interpolation
    >= 4.0.0, < 4.1.10
  • MEDIUM4.9CVE-2026-22692October Rain has a Twig Sandbox Bypass via Collection Methods
    >= 4.0.0, < 4.1.5
  • MEDIUM4.8CVE-2026-25133October Rain has Stored XSS via SVG Filter Bypass
    >= 4.0.0, < 4.1.10