Package impact
Packagist / silverstripe/assets
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24749 | medium | 5.3 | 5.3 | 1mo ago | Silverstripe Assets Module has a DBFile::getURL() permission bypass | |||
| CVE-2022-38724 | unknown | — | — | 4y ago | Silverstripe XSS in shortcodes | |||
| CVE-2022-38147 | unknown | — | — | 4y ago | XSS via uploaded gpx file | |||
| CVE-2022-29858 | unknown | — | — | 4y ago | Unpublished, protected files can be published via shortcode | |||
| CVE-2020-9280 | unknown | — | — | 4y ago | SilverStripe Folders migrated from 3.x may be unsafe to upload to | |||
| CVE-2019-12245 | unknown | — | — | 7y ago | Lack of access control on upoaded files |