13 total advisories: 13 vulnerabilities, 0 malware
Vulnerabilities
HIGH 8.1 | CVE-2026-45013 | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation
HIGH 7.3 | CVE-2026-45011 | Apostrophe has stored XSS via javascript: URL in Image Widget Link
HIGH 7.6 | CVE-2026-45012 | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
HIGH 8.7 | CVE-2026-35569 | Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
MEDIUM 5.3 | CVE-2026-33888 | ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API
LOW 3.7 | CVE-2026-33877 | ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
MEDIUM 5.4 | CVE-2026-33889 | ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context
MEDIUM 5.3 | CVE-2026-39857 | ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions
HIGH 8.1 | CVE-2026-32730 | ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
CRITICAL 9.8 | CVE-2021-25979 | Apostrophe CMS Insufficient Session Expiration vulnerability
MEDIUM 5.4 | CVE-2021-25978 | Cross-site Scripting in apostrophe
UNKNOWN | GHSA-h97g-4mx7-5p2p | Open Redirect in apostrophe
UNKNOWN | GHSA-pv6r-vchh-cxg9 | Denial of Service in apostrophe