Flarum/core
This hub aggregates every CVE we track for Flarum/core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 8
- Critical: 2
- High: 1
- In CISA KEV: 0
Severity distribution
- Medium: 4
- Critical: 2
- Low: 1
- High: 1
Monthly trend
[Chart: monthly CVE count, 2024-07 to 2026-06]
Latest CVEs
The 8 most recently published vulnerabilities affecting Flarum/core.
- CVE-2025-27794: Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite (6.8)
- CVE-2024-21641: Flarum's Logout Route allows open redirects (6.5)
- CVE-2023-40033: Server-Side Request Forgery via Avatar upload in flarum (7.1)
- CVE-2023-27577: Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum (6.6)
- CVE-2023-22489: Flarum is missing authorization in discussion replies (3.5)
- CVE-2023-22488: Missing authorization in Flarum (6.8)
- CVE-2022-41938: Cross site scripting vulnerability with discussion titles in flarum (9.0)
- CVE-2021-32671: XSS vulnerability with translator (10.0)
Product normalization is registry-driven with AI assist and human review.