Security: frappe/frappe
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Possibility of SQL Injection due to improper field sanitization (GHSA-2c4m-999q-xhx4), published Mar 11, 2026 by akhilnarang. Severity: Moderate
- Possible SSRF by any authenticated user (GHSA-mggg-hmjm-j6c2), published Mar 11, 2026 by akhilnarang. Severity: Moderate
- Workspace modification and stored XSS due to improper resource ownership checks (GHSA-qmhf-rgx2-8p25), published Mar 11, 2026 by akhilnarang. Severity: Moderate
- Possibility of SQL Injection due to improper fieldname sanitization (GHSA-w3g7-m7xr-2w38), published Mar 5, 2026 by akhilnarang. Severity: Moderate
- Broken Access Control in DocShare (GHSA-5h4c-9p23-4c3m), published Mar 5, 2026 by akhilnarang. Severity: High
- Stored XSS in avatar_macro.html (GHSA-vm63-r48g-7wqh), published Feb 28, 2026 by AarDG10. Severity: Low
- XSS and Open Redirect in Sign Up (GHSA-7m8v-g2pr-h2f7), published Feb 10, 2026 by akhilnarang. Severity: Moderate
- Possibility of RCE due to SSTI (GHSA-qq98-vfv9-xmxh), published Dec 29, 2025 by akhilnarang. Severity: Critical
- Authenticated XSS via leaderboard (GHSA-cx24-w5gm-5vv9), published Dec 24, 2025 by akhilnarang. Severity: Moderate
- Path traversal allowed reading certain files (GHSA-xj39-3g4p-f46v), published Jan 5, 2026 by akhilnarang. Severity: High