Security: contao/contao
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Remote code execution in template closuresGHSA-98vj-mm79-v77r published
Nov 25, 2025 by leofeyerModerate -
Cross-site scripting in templatesGHSA-68q5-78xp-cwwc published
Nov 25, 2025 by leofeyerLow -
Improper access control in the back end votersGHSA-7m47-r75r-cx8v published
Aug 28, 2025 by leofeyerModerate -
Improper privilege management for page and article fieldsGHSA-qqfq-7cpp-hcqj published
Aug 28, 2025 by leofeyerModerate -
Information disclosure in the news moduleGHSA-w53m-gxvg-vx7p published
Aug 28, 2025 by leofeyerModerate -
Information disclosure in the front end search indexGHSA-2xmj-8wmq-7475 published
Aug 28, 2025 by leofeyerModerate -
Cross-site scripting through SVG uploadsGHSA-vqqr-fgmh-f626 published
Mar 18, 2025 by leofeyerModerate -
Directory traversal in the FileSelector widgetGHSA-4p75-5p53-65m9 published
Sep 17, 2024 by leofeyerModerate -
Remote command execution through file uploadsGHSA-vm6r-j788-hjh5 published
Sep 17, 2024 by leofeyerHigh -
Insert tag injection via canonical URLsGHSA-2xpq-xp6c-5mgj published
Sep 17, 2024 by leofeyerModerate