Pimcore/pimcore

This hub aggregates every CVE we track for Pimcore/pimcore, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Pimcore/pimcore.

• CVE-2026-27461Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause4.9Feb 24, 2026
• CVE-2026-23494Pimcore is Missing Function Level Authorization on "Static Routes" Listing4.3Jan 15, 2026
• CVE-2026-23493Pimcore ENV Variables and Cookie Informations are exposed in http_error_log8.6Jan 15, 2026
• CVE-2026-23492Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-308488.8Jan 14, 2026
• CVE-2025-27617Pimcore Vulnerable to SQL Injection in getRelationFilterCondition8.8Mar 11, 2025
• CVE-2024-11954Pimcore Search Document cross site scripting2.4Jan 28, 2025
• CVE-2023-2332Stored Cross-site Scripting (XSS) in pimcore/pimcore4.8Nov 15, 2024
• CVE-2024-32871Pimcore Vulnerable to Flooding Server with Thumbnail files7.5Jun 4, 2024
• CVE-2023-47637SQL Injection in Admin Grid Filter API in Pimcore8.8Nov 15, 2023
• CVE-2023-5873Cross-site Scripting (XSS) - Stored in pimcore/pimcore5.4Oct 31, 2023
• CVE-2023-4453Cross-site Scripting (XSS) - Reflected in pimcore/pimcore5.4Aug 21, 2023
• CVE-2023-38708Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction6.3Aug 4, 2023
• CVE-2023-3822Cross-site Scripting (XSS) - Reflected in pimcore/pimcore6.1Jul 21, 2023
• CVE-2023-3821Cross-site Scripting (XSS) - Stored in pimcore/pimcore5.4Jul 21, 2023
• CVE-2023-3820SQL Injection in pimcore/pimcore7.2Jul 21, 2023