flarum/framework
Packagist | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting flarum/framework
- CVE-2018-19133 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-11-09
vulnerable: v0.1.0-beta ... v0.1.0-beta.7.1 (8 versions)
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
- CVE-2023-40033 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 1.8.0 | 2023-08-16
vulnerable: v0.1.0-beta ... v1.7.1 (41 versions)
Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any F…
- CVE-2024-21641 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.8.5 | 2024-01-05
vulnerable: v0.1.0-beta ... v1.8.3 (45 versions)
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redire…
- CVE-2025-27794 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 1.8.10 | 2025-03-12
vulnerable: v0.1.0-beta ... v1.8.9 (50 versions)
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the pa…