GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
CakePHP allows method override parameters to bypass CSRF checks
High
CVE-2020-35239
was published
for
cakephp/cakephp
(Composer)
May 24, 2022
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High
CVE-2010-4335
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Moderate
CVE-2011-3712
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
High
CVE-2012-4399
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High
CVE-2015-8379
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Moderate
CVE-2006-5031
was published
for
cakephp/cakephp
(Composer)
May 1, 2022
Cross-site scripting (XSS) vulnerability in CakePHP
Moderate
CVE-2006-4067
was published
for
cakephp/cakephp
(Composer)
May 1, 2022
Unsafe deserialization in SmtpTransport in CakePHP
High
CVE-2019-11458
was published
for
cakephp/cakephp
(Composer)
Dec 2, 2019
ProTip!
Advisories are also available from the
GraphQL API