17 Total CVE IDs
1 Critical (9.0+)
3 High (7.0-8.9)
9.8 Highest CVSS

Disclosed vulnerabilities in OSS, sorted by year (newest first).

All Disclosures

  • 2026/05/05
    CVE-2026-43936
    CWE-918 · Server-Side Request Forgery
    4.3 · Medium
  • 2024/01/22
    CVE-2024-23782
    CWE-79 · Cross-site Scripting
    5.4 · Medium
  • 2024/01/22
    CVE-2024-23348
    CWE-20 · Improper Input Validation
    5.4 · Medium
  • 2023/09/30
    CVE-2023-5318
    CWE-798 · Use of Hard-coded Credentials
    7.5 · High
  • 2023/08/30
    CVE-2023-4624
    CWE-918 · Server-Side Request Forgery
    2.4 · Low
  • 2023/08/06
    CVE-2023-4187
    CWE-79 · Cross-site Scripting
    4.8 · Medium
  • 2023/07/28
    CVE-2023-3982
    CWE-79 · Cross-site Scripting
    4.8 · Medium
  • 2023/07/28
    CVE-2023-3981
    CWE-918 · Server-Side Request Forgery
    4.9 · Medium
  • 2023/07/28
    CVE-2023-3980
    CWE-79 · Cross-site Scripting
    4.8 · Medium
  • 2023/07/26
    CVE-2023-38507⭐︎
    CWE-307 · Improper Rate Limiting
    9.8 · Critical
  • 2023/07/08
    CVE-2023-37270⭐︎
    CWE-89 · SQL Injection
    8.8 · High
  • 2023/07/06
    CVE-2023-3521
    CWE-79 · Cross-site Scripting
    6.1 · Medium
  • 2023/06/28
    CVE-2023-3445
    CWE-79 · Cross-site Scripting
    4.8 · Medium
  • 2023/06/14
    CVE-2023-34251⭐︎
    CWE-94 · Code Injection
    7.2 · High
  • 2023/06/13
    CVE-2023-34247
    CWE-601 · Open Redirect
    4.1 · Medium
  • 2022/09/01
    CVE-2022-3072
    CWE-79 · Cross-site Scripting
    5.4 · Medium
  • 2022/05/13
    CVE-2022-29894⭐︎
    CWE-79 · Cross-site Scripting
    4.8 · Medium

Top OSS Targets

Strapi
Headless CMS
★ 72.2k
Stored XSS
Improper Rate Limiting
BookStack
Documentation / Wiki
★ 18.8k
Blind SSRF
Grav
Flat-File CMS
★ 15.5k
SSTI to RCE

GitHub star counts as of May 2026.

Press

Strapi · Official Blog

Security Disclosure of Vulnerabilities: CVE-2023-38507

securityonline.info

CVE-2023-34251: Grav CMS Remote Code Execution Vulnerability

Last updated: