Package impact
Packagist / october/rain
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25133 | medium | — | 5.5 | 2mo ago | October Rain has Stored XSS via SVG Filter Bypass | |||
| CVE-2026-25125 | medium | — | 5.5 | 2mo ago | October Rain has Environment Variable Exfiltration via INI Parser Interpolation | |||
| CVE-2017-15284 | medium | 5.4 | 5.4 | 9y ago | OctoberCMS Cross-Site Scripting | |||
| CVE-2026-22692 | unknown | — | — | 2mo ago | October Rain has a Twig Sandbox Bypass via Collection Methods | |||
| CVE-2021-3311 | unknown | — | — | 5y ago | October CMS Session ID not invalidated after logout | |||
| CVE-2020-15128 | unknown | — | — | 6y ago | Reliance on Cookies without validation in OctoberCMS |