Flarum — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting Flarum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-30913 | flarum/nickname: Display name injection in notification emails (autolink & markdown) | nicknames | CWE-79 | 4.6 | Medium | 2026-03-09 |
| CVE-2024-58303 | FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings | FriendsofFlarum Pretty Mail | CWE-1336 | 7.2 (AI) | High (AI) | 2025-12-11 |
| CVE-2024-58302 | FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings | FriendsofFlarum Pretty Mail | CWE-98 | 4.9 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-27794 | Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite | framework | CWE-74 | 6.8 | Medium | 2025-03-12 |
| CVE-2024-21641 | Flarum's Logout Route allows open redirects | framework | CWE-601 | 6.5 | Medium | 2024-01-05 |
| CVE-2023-40033 | Server-Side Request Forgery via Avatar upload in flarum | framework | CWE-918 | 7.1 | High | 2023-08-16 |
| CVE-2023-27577 | Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum | framework | CWE-22 | 6.6 | Medium | 2023-03-10 |
| CVE-2023-22489 | Flarum is missing authorization in discussion replies | framework | CWE-862 | 3.5 | Low | 2023-01-13 |
| CVE-2023-22488 | Missing authorization in Flarum | framework | CWE-862 | 6.8 | Medium | 2023-01-12 |
| CVE-2023-22487 | Post mentions can be used to read any post on the forum without access control | framework | CWE-284 | 7.7 | High | 2023-01-11 |
| CVE-2022-41938 | Cross site scripting vulnerability with discussion titles in flarum | framework | CWE-79 | 9.0 | Critical | 2022-11-19 |
| CVE-2021-32671 | XSS vulnerability with translator | core | CWE-79 | 10.0 | Critical | 2021-06-07 |
| CVE-2021-21283 | XSS in Flarum Sticky extension. | sticky | CWE-79 | 5.4 | Medium | 2021-01-26 |

This page lists every published CVE security advisory associated with Flarum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.