winter/wn-cms-module

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting winter/wn-cms-modulepage 1 of 1

CVE-2024-54149HIGHCVSS 8.4EG 8.4✓ Fixed in 1.0.476
2024-12-09
vulnerable: v1.0.473, v1.0.474, v1.0.475
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypas…
CVE-2026-22254NONECVSS 0.0EG 0.0✓ Fixed in 1.2.10
2026-02-06
vulnerable: v1.0.473 ... v1.2.9 (23 versions)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization…

Check whether winter/wn-cms-module is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for winter/wn-cms-module CVEs against the assets you own.

Start Free Scan →