@plone/volto
npm | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @plone/volto
- CVE-2022-24740 | MEDIUM | CVSS 5.0 | EG 5.0 | ✓ Fixed in 15.0.0-alpha.0 | 2022-03-14
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectiv…
- CVE-2025-58047 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 19.0.0-alpha.4 | 2025-08-28
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the …
- CVE-2025-61668 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 19.0.0-alpha.6 | 2025-10-02
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS serv…