Security: frappe/crm
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
-
Authentication Bypass via Logged Invitation Keys in crm/apiGHSA-wqrv-q8m5-qr77 published
Jun 2, 2026 by shahzeelahmedHigh -
SQL Injection vulnerability in document-linking functionalityGHSA-4q6w-fgx7-9rqx published
May 18, 2026 by shariquerikModerate -
Authorization and Privilege Escalation Issues in Frappe CRM APIsGHSA-wg3q-hf3h-58rc published
Mar 10, 2026 by ankushHigh -
Overly Permissive "All" Role PermissionsGHSA-v845-c2wq-jwg5 published
Mar 10, 2026 by ankushHigh -
Missing Authorization Checks on View Settings and Document OperationsGHSA-hfgw-j396-96v6 published
Mar 10, 2026 by ankushHigh -
Authenticated XSS via website fieldGHSA-fm34-v6j7-chwc published
Dec 29, 2025 by akhilnarangModerate
Learn more about advisories related to frappe/crm in the GitHub Advisory Database