pkg:npm/payload

10 total CVEsCRITICAL2HIGH3MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2022-27952Unrestricted Upload of File with Dangerous Type in Payload
    from 0, < 0.15.1
  • CRITICAL9.1CVE-2026-34751Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
    from 0, < 3.79.1
  • HIGH8.5CVE-2026-34747Payload has an SQL Injection via Query Handling
    from 0, < 3.79.1
  • HIGH7.7CVE-2026-34746Payload has Authenticated SSRF via Upload Functionality
    from 0, < 3.79.1
  • HIGH7.4CVE-2023-30843Hidden fields can be leaked on readable collections in Payload
    from 0, < 1.7.0
  • MEDIUM6.5CVE-2026-27567Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads
    from 0, < 3.75.0
  • MEDIUM5.4CVE-2026-34749Payload has a CSRF Protection Bypass in Authentication Flow
    from 0, < 3.79.1
  • MEDIUM5.4CVE-2026-25574payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)
    from 0, < 3.74.0
  • CVE-2025-4644Payload's SQLite adapter Session Fixation vulnerability
    from 0, < 3.44.0
  • CVE-2025-4643Payload does not invalidate JWTs after log out
    from 0, < 3.44.0