Security: frappe/frappe
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Unauthenticated User Enumeration via reset_passwordGHSA-3vqc-c545-w7jg published
Jun 19, 2026 by AarDG10Moderate -
TarSlip RCE in Package ImportGHSA-58w2-4cjg-hvp6 published
Jul 4, 2026 by AarDG10High -
Authenticated SSRF / LFI via pdfkitGHSA-pj59-9hv9-rmrv published
Jun 26, 2026 by AarDG10Moderate -
Auth. bypass via update_pageGHSA-r24j-xrj8-273q published
Jun 26, 2026 by AarDG10Moderate -
Arbitrary File Attachment Injection via File-Handling API EndpointsGHSA-fwrv-4rw4-97fw published
Jun 26, 2026 by AarDG10Moderate -
Unrestricted API access to an API in reportviewGHSA-w8g7-j846-j248 published
Jun 17, 2026 by AarDG10Moderate -
check_safe_sql_query Permits SELECT INTO OUTFILEGHSA-wx8j-cw4r-vrhv published
Jun 23, 2026 by AarDG10Low -
Broken Access Control on Private FilesGHSA-gvg7-4p32-j648 published
May 27, 2026 by ShrihariMahabalHigh -
IDOR in update_onboarding_stepGHSA-78rj-jch8-42m8 published
Jun 7, 2026 by AarDG10Moderate -
Missing authorization on reset form toursGHSA-9cxj-48g3-jx22 published
Jun 7, 2026 by AarDG10Low