publify_project CVE Vulnerabilities & Metrics

Focus on publify_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About publify_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with publify_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total publify_project CVEs: 14
Earliest CVE date: 09 Jan 2020, 14:15 UTC
Latest CVE date: 29 Jan 2023, 17:15 UTC

Latest CVE reference: CVE-2023-0569

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 3.41

Max CVSS: 6.4

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range      Count
0.0-3.9    7
4.0-6.9    7
7.0-8.9    0
9.0-10.0   0

Top 5 Highest CVSS publify_project CVEs

These are the five CVEs with the highest CVSS scores for publify_project, sorted by severity first and then by recency.

All CVEs for publify_project

CVE-2023-0569 publify_project vulnerability CVSS: 0 29 Jan 2023, 17:15 UTC

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

CVE-2023-0299 publify_project vulnerability CVSS: 0 14 Jan 2023, 15:15 UTC

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-2815 publify_project vulnerability CVSS: 0 14 Jan 2023, 14:15 UTC

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-1812 publify_project vulnerability CVSS: 0 14 Jan 2023, 14:15 UTC

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.

CVE-2022-1811 publify_project vulnerability CVSS: 3.5 23 May 2022, 16:16 UTC

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

CVE-2022-1810 publify_project vulnerability CVSS: 4.0 23 May 2022, 12:16 UTC

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.

CVE-2022-1553 publify_project vulnerability CVSS: 4.0 16 May 2022, 15:15 UTC

Leak of password-protected article content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.

CVE-2022-0578 publify_project vulnerability CVSS: 6.4 16 May 2022, 15:15 UTC

Code Injection in GitHub repository publify/publify prior to 9.2.8.

CVE-2022-0574 publify_project vulnerability CVSS: 6.4 16 May 2022, 15:15 UTC

Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

CVE-2022-0524 publify_project vulnerability CVSS: 5.0 08 Feb 2022, 22:15 UTC

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.

CVE-2021-25975 publify_project vulnerability CVSS: 3.5 10 Nov 2021, 11:15 UTC

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with the “publisher” role to inject malicious JavaScript via an uploaded HTML file.

CVE-2021-25974 publify_project vulnerability CVSS: 3.5 10 Nov 2021, 11:15 UTC

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.

CVE-2021-25973 publify_project vulnerability CVSS: 6.4 02 Nov 2021, 07:15 UTC

In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow it. This happens because the restriction is enforced only in the front end.

CVE-2014-3211 publify_project vulnerability CVSS: 5.0 09 Jan 2020, 14:15 UTC

Publify before 8.0.1 is vulnerable to a Denial of Service attack.