s9y/serendipity
Packagist2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting s9y/serendipitypage 1 of 1
- CVE-2026-39963MEDIUMCVSS 6.9EG 6.9✓ Fixed in 2.6.02026-04-15
vulnerable: 2.0.0 ... 2.6-beta1 (31 versions)
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An…
- CVE-2026-39971HIGHCVSS 7.2EG 7.2✓ Fixed in 2.6.02026-04-15
vulnerable: 2.0.0 ... 2.6-beta1 (31 versions)
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without validation, and the ex…
Check whether s9y/serendipity is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for s9y/serendipity CVEs against the assets you own.
Start Free Scan →