Security Advisories - flarum/core - Packagist.org

flarum/core Security Advisories for v1.8.1 (3)

[MEDIUM] Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

PKSA-4s1v-jz1f-4jpx CVE-2026-41887 GHSA-xjvc-pw2r-6878

Affected version: >=2.0.0-beta.1,<=2.0.0-beta.8|<=1.8.15

Reported by:
GitHub
[MEDIUM] Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite

PKSA-wm5r-h6h3-m2pf CVE-2025-27794 GHSA-hg9j-64wp-m9px

Affected version: <1.8.10

Reported by:
GitHub
[MEDIUM] Flarum's logout Route allows open redirects

PKSA-t2c9-4b54-wr9g CVE-2024-21641 GHSA-733r-8xcp-w9mr

Affected version: <1.8.5

Reported by:
GitHub