Product
publify project publify
15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-39311
CVE-2023-0569
CVE-2023-0299
CVE-2022-2815
CVE-2022-1812
CVE-2022-1811
CVE-2022-1810
CVE-2022-1553
CVE-2022-0578
CVE-2022-0574
CVE-2022-0524
CVE-2021-25975
CVE-2021-25974
CVE-2021-25973
CVE-2014-3211
< 10.0.1
Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to
< 9.2.10
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
< 9.2.10
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
< 9.2.10
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
< 9.2.10
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
< 9.2.9
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
< 9.2.9
Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
< 9.2.8
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. At
< 9.2.8
Code Injection in GitHub repository publify/publify prior to 9.2.8.
< 9.2.8
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
< 9.2.7
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
>= 8.0 and <= 9.2.4
In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a u
>= 8.0 and <= 9.2.4
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute
>= 9.0.0 and <= 9.2.4
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the
< 8.0.1
Publify before 8.0.1 is vulnerable to a Denial of Service attack