Security: frappe/frappe
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Possibility of SQL injection due to improper validations (GHSA-6phg-4wmq-h5h3), published Mar 26, 2025 by akhilnarang, severity: Moderate
- Possibility of Remote Code Execution due to improper validation (GHSA-v342-4xr9-x3q3), published Mar 25, 2025 by akhilnarang, severity: High
- Information disclosure leading to account takeover (GHSA-qrv3-jc3h-f3m6), published Mar 25, 2025 by akhilnarang, severity: High
- Possibility of SQL injection due to improper validations (GHSA-3hj6-r5c9-q8f3), published Mar 25, 2025 by akhilnarang, severity: Moderate
- Privilege escalation via document action (GHSA-gjqf-v2f6-962h), published Dec 17, 2024 by akhilnarang, severity: High
- Open redirect on login page (GHSA-7g27-q225-j894), published May 9, 2024 by ankush, severity: Moderate
- File Permissions can be bypassed using certain endpoints (GHSA-hq5v-q29v-7rcw), published Mar 20, 2024 by ankush, severity: High
- SQL Injection from reporting logic (GHSA-fxfv-7gwx-54jh), published Mar 20, 2024 by ankush, severity: Critical
- Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages (GHSA-7p3m-h76m-hg9v), published Feb 6, 2024 by ankush, severity: Moderate
- frappe.flags.in_safe_exec can become False while executing a Server Script (GHSA-v3vh-7qx4-f582), published Dec 18, 2023 by ankush, severity: Moderate