VYPR

npm package

@plone/volto

pkg:npm/%40plone/volto

Vulnerabilities (3)

  • CVE-2025-61668HigOct 2, 2025
    affected < 16.34.1fixed 16.34.1

    Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error wh

  • CVE-2025-58047HigAug 28, 2025
    affected < 16.34.0fixed 16.34.0

    Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with

  • CVE-2022-24740Mar 14, 2022
    affected >= 14.0.0-alpha.6, < 15.0.0-alpha.0fixed 15.0.0-alpha.0

    Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user