octobercms october Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting octobercms october, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every octobercms october version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v1.0.31924 CVEs
v1.0.32024 CVEs
v1.0.32124 CVEs
v1.0.32224 CVEs
v1.0.32324 CVEs
v1.0.32424 CVEs
v1.0.32524 CVEs
v1.0.32624 CVEs
v1.0.32724 CVEs
v1.0.32824 CVEs
v1.0.32924 CVEs
v1.0.33024 CVEs
v1.0.33124 CVEs
v1.0.33224 CVEs
v1.0.33324 CVEs
v1.0.33424 CVEs
v1.0.33524 CVEs
v1.0.33624 CVEs
v1.0.33724 CVEs
v1.0.33824 CVEs
v1.0.33924 CVEs
v1.0.34024 CVEs
v1.0.34124 CVEs
v1.0.34224 CVEs
v1.0.34324 CVEs
v1.0.34424 CVEs
v1.0.34524 CVEs
v1.0.34624 CVEs
v1.0.34724 CVEs
v1.0.34824 CVEs
v1.0.34924 CVEs
v1.0.35024 CVEs
v1.0.35124 CVEs
v1.0.35224 CVEs
v1.0.35324 CVEs
v1.0.35424 CVEs
v1.0.35524 CVEs
v1.0.35624 CVEs
v1.0.35724 CVEs
v1.0.35824 CVEs
v1.0.35924 CVEs
v1.0.36024 CVEs
v1.0.36124 CVEs
v1.0.36224 CVEs
v1.0.36324 CVEs
v1.0.36424 CVEs
v1.0.36524 CVEs
v1.0.36624 CVEs
v1.0.36724 CVEs
v1.0.36824 CVEs
v1.0.36924 CVEs
v1.0.37024 CVEs
v1.0.37124 CVEs
v1.0.37224 CVEs
v1.0.37324 CVEs
v1.0.37424 CVEs
v1.0.37524 CVEs
v1.0.37624 CVEs
v1.0.37724 CVEs
v1.0.37824 CVEs
v1.0.37924 CVEs
v1.0.38024 CVEs
v1.0.38124 CVEs
v1.0.38224 CVEs
v1.0.38324 CVEs
v1.0.38424 CVEs
v1.0.38524 CVEs
v1.0.38624 CVEs
v1.0.38724 CVEs
v1.0.38824 CVEs
v1.0.38924 CVEs
v1.0.39024 CVEs
v1.0.39124 CVEs
v1.0.39224 CVEs
v1.0.39324 CVEs
v1.0.39424 CVEs
v1.0.39524 CVEs
v1.0.39624 CVEs
v1.0.39724 CVEs
v1.0.39824 CVEs
v1.0.39924 CVEs
v1.0.40024 CVEs
v1.0.40124 CVEs
v1.0.40224 CVEs
v1.0.40324 CVEs
v1.0.40424 CVEs
v1.0.40524 CVEs
v1.0.40624 CVEs
v1.0.40724 CVEs
v1.0.40824 CVEs
v1.0.40924 CVEs
v1.0.41024 CVEs
v1.0.41124 CVEs
v1.0.41224 CVEs
v1.0.41318 CVEs
v1.0.41418 CVEs
v1.0.41518 CVEs
v1.0.41618 CVEs
v1.0.41718 CVEs
v1.0.41818 CVEs
v1.0.41918 CVEs
v1.0.42018 CVEs
v1.0.42118 CVEs
v1.0.42218 CVEs
v1.0.42318 CVEs
v1.0.42418 CVEs
v1.0.42518 CVEs
v1.0.42618 CVEs
v1.0.42717 CVEs
v1.0.42817 CVEs
v1.0.42916 CVEs
v1.0.43016 CVEs
v1.0.43116 CVEs
v1.0.43215 CVEs
v1.0.43315 CVEs
v1.0.43415 CVEs
v1.0.43515 CVEs
v1.0.43615 CVEs
v1.0.43714 CVEs
v1.0.43814 CVEs
v1.0.43914 CVEs
v1.0.44014 CVEs
v1.0.44114 CVEs
v1.0.44214 CVEs
v1.0.44314 CVEs
v1.0.44414 CVEs
v1.0.44514 CVEs
v1.0.44614 CVEs
v1.0.44714 CVEs
v1.0.44814 CVEs
v1.0.44914 CVEs
v1.0.45014 CVEs
v1.0.45114 CVEs
v1.0.45214 CVEs
v1.0.45314 CVEs
v1.0.45414 CVEs
v1.0.45514 CVEs
v1.0.45614 CVEs
v1.0.45714 CVEs
v1.0.45814 CVEs
v1.0.45914 CVEs
v1.0.46014 CVEs
v1.0.46114 CVEs
v1.0.46214 CVEs
v1.0.46314 CVEs
v1.0.46414 CVEs
v1.0.46514 CVEs
v1.1.010 CVEs
v1.0.4669 CVEs
v1.1.19 CVEs
v1.0.4678 CVEs
v1.0.4688 CVEs
v1.1.28 CVEs
v1.1.38 CVEs
v1.1.48 CVEs
< 3.7.146 CVEs
>= 4.0.0, < 4.1.106 CVEs
v1.0.4696 CVEs
v1.1.55 CVEs
v2.0.05 CVEs
v2.0.105 CVEs
v2.0.135 CVEs
v2.0.145 CVEs
v2.0.155 CVEs
v2.0.165 CVEs
v2.0.275 CVEs
v2.0.295 CVEs
v2.0.35 CVEs
v2.1.05 CVEs
v2.1.105 CVEs
v2.1.35 CVEs
v2.1.55 CVEs
v2.1.65 CVEs
v2.1.85 CVEs
v2.1.124 CVEs
v2.1.164 CVEs
v2.1.204 CVEs
v2.1.214 CVEs
v2.1.224 CVEs
v2.1.234 CVEs
v2.1.244 CVEs
v2.1.254 CVEs
v2.1.264 CVEs
v3.0.04 CVEs
v3.0.104 CVEs
v3.0.174 CVEs
v3.0.24 CVEs
v3.0.224 CVEs
v3.0.404 CVEs
v3.0.424 CVEs
v3.0.454 CVEs
v3.0.464 CVEs
v3.0.564 CVEs
v3.0.64 CVEs
v3.0.614 CVEs
v3.0.624 CVEs
v3.0.74 CVEs
v3.0.744 CVEs
v3.0.94 CVEs
v3.1.04 CVEs
v3.1.14 CVEs
v3.1.124 CVEs
v3.1.144 CVEs
v3.1.224 CVEs
v3.1.264 CVEs
v3.2.04 CVEs
< 3.7.133 CVEs
v1.1.63 CVEs
v1.1.93 CVEs
v2.1.273 CVEs
v3.2.113 CVEs
v3.3.03 CVEs
v3.3.113 CVEs
v3.3.33 CVEs
v3.3.73 CVEs
v3.3.93 CVEs
v3.4.03 CVEs
v3.4.13 CVEs
v3.4.103 CVEs
v3.4.143 CVEs
v3.4.63 CVEs
v3.4.93 CVEs
v3.5.03 CVEs
v3.5.13 CVEs
< 1.0.4732 CVEs
< 3.7.162 CVEs
>= 1.0.471, < 1.0.4722 CVEs
>= 1.1.0, < 1.1.62 CVEs
>= 1.1.1, < 1.1.52 CVEs
>= 4.0.0, < 4.0.122 CVEs
>= 4.0.0, < 4.1.162 CVEs
v1.0.4702 CVEs
v1.0.4712 CVEs
v1.0.4722 CVEs
v1.1.102 CVEs
v3.5.22 CVEs
v3.5.42 CVEs
v3.5.72 CVEs
v3.5.82 CVEs
v3.6.02 CVEs
v3.6.12 CVEs
v3.6.42 CVEs
v3.7.02 CVEs
v3.7.102 CVEs
v3.7.32 CVEs
< 1.0.4741 CVE
< 1.0.4751 CVE
< 1.0.4761 CVE
< 2.2.341 CVE
>= 1.1.0, < 1.1.101 CVE
>= 1.1.0, < 1.1.111 CVE
>= 1.1.0, < 1.1.121 CVE
>= 2.0.0, < 2.1.271 CVE
>= 2.0.0, < 2.2.151 CVE
>= 3.0.0, < 3.0.661 CVE
>= 4.0.0, < 4.1.51 CVE
1.0.4711 CVE
1.1.11 CVE
v1.0.4731 CVE
v1.0.4741 CVE
v1.3.11 CVE
v1.3.21 CVE
v1.3.41 CVE
v1.3.51 CVE
v1.3.61 CVE
v1.4.01 CVE

Fixed in

1.0.4666 CVEs
9e64e638057f162717598a7962d63ba9f139436b5 CVEs
1.0.4694 CVEs
0fa592ba42eebd3c38621f14c9d9f4588278efab2 CVEs
1.1.52 CVEs
167b592eed291ae1563c8fcc5b9b34a03a300f262 CVEs
2b8939cc8b5b6fe81e093fe2c9f883ada4e3c8cc2 CVEs
3.4.152 CVEs
3.5.152 CVEs
3.7.132 CVEs
4.0.122 CVEs
6130d6d694f535340b2c58db29702cbcd6eb29a42 CVEs

Find a version

61 CVEs

Sort

October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
CVE-2026-29179
Patch
CWE-863
Low · CVSS 3.3
EPSS 0.0% (10th pct)2026-04-21
October: Reflected XSS via DataTable Form Widget
CVE-2026-27937
Patch
CWE-79
Low · CVSS 3.1
EPSS 0.0% (11th pct)2026-04-21
October: Safe Mode Bypass via Twig Database Write Operations
CVE-2026-26274
Patch
CWE-184
Medium · CVSS 6.6
EPSS 0.1% (23th pct)2026-04-21
October: Safe Mode Bypass via CSS Preprocessor Compilers
CVE-2026-26067
Patch
CWE-863
Medium · CVSS 4.9
EPSS 0.1% (17th pct)2026-04-21
October CMS has Stored XSS via SVG Filter Bypass
CVE-2026-25133
Patch
CWE-79
Medium · CVSS 4.8
EPSS 0.0% (1th pct)2026-04-14
October CMS: Environment Variable Exfiltration via INI Parser Interpolation
CVE-2026-25125
Patch
CWE-200
Medium · CVSS 4.9
EPSS 0.0% (3th pct)2026-04-14
October CMS has Stored XSS via Event Log Mail Preview
CVE-2026-24907
Patch
CWE-79
Medium · CVSS 5.1
EPSS 0.0% (11th pct)2026-04-14
October CMS has Stored XSS in its Backend Editor Markup Classes
CVE-2026-24906
Patch
CWE-79
Medium · CVSS 5.1
EPSS 0.0% (2th pct)2026-04-14
October CMS: Twig Sandbox Bypass via Collection Methods
CVE-2026-22692
Patch
CWE-284
Medium · CVSS 4.9
EPSS 0.0% (5th pct)2026-04-14
October CMS Vulnerable to Stored XSS via Editor and Branding Styles
CVE-2025-61674
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.1% (21th pct)2026-01-10
October CMS Vulnerable to Stored XSS via Branding Styles
CVE-2025-61676
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.1% (21th pct)2026-01-10
Low vulnerability · 2025-05-05
CVE-2024-51991
Patch
CWE-434
Low · CVSS 1.1
EPSS 0.3% (55th pct)2025-05-05
Medium vulnerability · 2024-10-02
CVE-2024-45962
Public exploit
CWE-79
Medium · CVSS 4.7
EPSS 0.3% (51th pct)2024-10-02
Medium vulnerability · 2024-08-16
CVE-2024-25837CWE-79
Medium · CVSS 5.4
EPSS 0.2% (36th pct)2024-08-16
Reflected XSS via X-October-Request-Handler Header
CVE-2024-25637
Patch
CWE-79
Low · CVSS 3.1
EPSS 0.8% (75th pct)2024-06-26
Low vulnerability · 2024-06-26
CVE-2024-24764
Patch
CWE-601
Low · CVSS 3.5
EPSS 0.1% (28th pct)2024-06-26
High vulnerability · 2024-02-08
CVE-2023-25365CWE-434
High · CVSS 7.8
EPSS 0.0% (16th pct)2024-02-08
Medium vulnerability · 2023-12-01
CVE-2023-44381
Patch
CWE-94
Medium · CVSS 4.9
EPSS 0.2% (39th pct)2023-12-01
Critical vulnerability · 2023-12-01
CVE-2023-44382
Patch
CWE-94
Critical · CVSS 9.1
EPSS 0.2% (48th pct)2023-12-01
October CMS stored XSS by authenticated backend user with improper configuration
CVE-2023-44383
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.9% (77th pct)2023-11-29
Vulnerability · 2023-09-28
CVE-2023-43876
Public exploit
Unscored
EPSS 0.3% (50th pct)2023-09-28
Vulnerability · 2023-07-26
CVE-2023-37692
Public exploit
Unscored
EPSS 0.4% (59th pct)2023-07-26
Medium vulnerability · 2022-10-13
CVE-2022-35944
Patch
CWE-94
Medium · CVSS 6.2
EPSS 0.5% (68th pct)2022-10-13
High vulnerability · 2022-07-12
CVE-2022-24800
Patch
CWE-362
High · CVSS 8.1
EPSS 2.9% (87th pct)2022-07-12
Medium vulnerability · 2022-02-23
CVE-2022-23655
Patch
CWE-347
Medium · CVSS 4.8
EPSS 0.1% (34th pct)2022-02-23
High vulnerability · 2022-02-23
CVE-2022-21705
Patch
CWE-74
High · CVSS 7.2
EPSS 70.3% (99th pct)2022-02-23
High vulnerability · 2022-01-14
CVE-2021-32649
Patch
CWE-74
High · CVSS 8.8
EPSS 0.5% (66th pct)2022-01-14
Arbitrary code execution in october/system
CVE-2021-32650
Public exploit
Patch
CWE-74
High · CVSS 8.8
EPSS 1.1% (78th pct)2022-01-14
High vulnerability · 2021-10-06
CVE-2021-41126
Patch
CWE-287
High · CVSS 7.2
EPSS 0.5% (66th pct)2021-10-06
High vulnerability · 2021-08-26
CVE-2021-29487
Patch
CWE-287
High · CVSS 7.4
EPSS 0.5% (67th pct)2021-08-26

Showing 30 of 61

octobercms october Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other octobercms products

Frequently asked questions

How many CVEs does octobercms october have?

How many octobercms october CVEs are in CISA KEV?

Are there public exploits for octobercms october vulnerabilities?

Which versions of octobercms october are affected?

What are the most common weakness types in octobercms october CVEs?

How many critical octobercms october vulnerabilities are there?

What is the average severity of octobercms october CVEs?

References

Track octobercms october vulnerabilities