- How many CVEs does craftcms have?
- craftcms has 148 published CVE records since 2017, including 97 in the last two years.
- How many craftcms CVEs are in CISA KEV?
- Yes — 4 of craftcms's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which craftcms products have the most CVEs?
- The craftcms products with the most published CVEs are cms, craft_cms, commerce, craft commerce, google-cloud.
- What are the most common weakness types in craftcms CVEs?
- craftcms's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-639 (Authorization Bypass Through User-Controlled Key), CWE-862 (Missing Authorization), CWE-94 (Improper Control of Generation of Code ('Code Injection')).
- Are there public exploits for craftcms vulnerabilities?
- Yes — 57 of craftcms's CVEs have a known public exploit.
- How many critical craftcms vulnerabilities are there?
- craftcms has 11 critical and 49 high-severity CVEs.
- What is the average severity of craftcms CVEs?
- The average CVSS base score across craftcms's scored CVEs is 6.6.