Package impact

Packagist / sulu/sulu

CVE	Severity	CVSS	Risk	Published	Description
CVE-2026-45701	medium	—	5.5	11d ago	Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
CVE-2026-34372	unknown	—	—	2mo ago	Sulu checks fix permissions for subentities endpoints
CVE-2025-47778	unknown	—	—	1y ago	Sulu vulnerable to XXE in SVG File upload Inspector
CVE-2024-47617	unknown	—	—	2y ago	Injection of arbitrary HTML/JavaScript code through the media download URL
CVE-2024-47618	unknown	—	—	2y ago	Cross-site Scripting via uploaded SVG
CVE-2024-27915	unknown	—	—	2y ago	Sulu grants access to pages regardless of role permissions
CVE-2024-24807	unknown	—	—	2y ago	Sulu HTML Injection via Autocomplete Suggestion
CVE-2023-39343	unknown	—	—	3y ago	Sulu Observable Response Discrepancy on Admin Login
CVE-2021-43835	unknown	—	—	5y ago	Privilege escalation in the Sulu Admin panel
CVE-2021-43836	unknown	—	—	5y ago	PHP file inclusion in the Sulu admin panel
CVE-2021-41169	unknown	—	—	5y ago	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
CVE-2021-32737	unknown	—	—	5y ago	XSS Injection in Media Collection Title was possible
CVE-2020-15132	unknown	—	—	6y ago	Reset Password / Login vulnerability in Sulu