Security: Squidex/squidex
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External RequestsGHSA-6q6m-7h5j-jq4g published
Apr 14, 2026 by SebastianStehleModerate -
SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClientGHSA-4m22-gvqm-jv97 published
Apr 14, 2026 by SebastianStehleHigh -
Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets)GHSA-x7cq-4f4c-8qcv published
Apr 14, 2026 by SebastianStehleCritical -
Blind SSRF via file:// Protocol in Restore API leading to Local File InteractionGHSA-45fq-w37p-qfw5 published
Apr 14, 2026 by SebastianStehleModerate -
Server-Side Request Forgery (SSRF) in Webhook ConfigurationGHSA-wxg2-953m-fg2w published
Jan 26, 2026 by SebastianStehleCritical -
Stored XSS via insufficient SVG element filteringGHSA-xfr4-qg2v-7v5m published
Nov 7, 2023 by SebastianStehleModerate -
RCE via Arbitrary File WriteGHSA-phqq-8g7v-3pg5 published
Nov 7, 2023 by SebastianStehleHigh -
Cross-Site Scripting (XSS) via postMessage HandlerGHSA-7q4f-fprr-5jw8 published
Nov 7, 2023 by SebastianStehleModerate
Learn more about advisories related to Squidex/squidex in the GitHub Advisory Database