Frappé — Vulnerabilities & Security Advisories 38

All 38 CVE vulnerabilities found in Frappé, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerabilities associated with the frappe product, a framework for building web applications. The content collected here primarily addresses flaws within the frappe ecosystem, including injection attacks, cross-site scripting issues, authentication bypasses, and logic errors that may allow unauthorized access or data manipulation. These records span a comprehensive historical range, capturing reports from initial public disclosures through to recent updates, ensuring that both legacy and modern security incidents are documented. By reviewing this aggregation, users can effectively track vendor advisories and security bulletins issued by the frappe team and its contributors. Furthermore, analysts can deepen their understanding of specific weakness classes prevalent in this technology stack, observing how certain design patterns or coding practices consistently lead to exploitable conditions. The page also facilitates the lookup of a product's specific vulnerability history, allowing developers and security professionals to assess the stability and patching cadence of various frappe versions over time. This centralized view supports informed decision-making regarding upgrades and mitigation strategies, providing a clear picture of the evolving threat landscape for applications built on this platform without requiring users to search multiple disparate sources.

Vendor: frappe

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39352 | Frappe has an Arbitrary File Read via Path Traversal in render_include | CWE-22 | - | - | 2026-05-20 |
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-39351 | Frappe allows unrestricted Doctype access via API exploit | CWE-862 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35614 | Frappe has a SQL injection in bulk_update | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-31879 | Frappe Workspace modification and stored XSS due to improper resource ownership checks | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31878 | Frappe: Possible SSRF by any authenticated user | CWE-918 | 5.0 | Medium | 2026-03-11 |
| CVE-2026-31877 | Frappe SQL Injection due to improper field sanitization | CWE-89 | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-29081 | Frappe: Possibility of SQL Injection due to improper fieldname sanitization | CWE-89 | 6.5 | Medium | 2026-03-05 |
| CVE-2026-29077 | Frappe: Broken Access Control in DocShare | CWE-284 | 7.1 | High | 2026-03-05 |
| CVE-2026-28436 | Frappe: Stored XSS in avatar_macro.html | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-25956 | Frappe Affected by XSS and Open Redirect in Sign Up | CWE-601 | 6.1 | Medium | 2026-02-10 |
| CVE-2025-69083 | WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability | CWE-98 | 8.1 | High | 2026-01-06 |
| CVE-2025-68953 | Certain Frappe requests are vulnerable to Path Traversal | CWE-22 | 7.5 | High | 2026-01-05 |
| CVE-2025-68929 | Frappe may be vulnerable to remote code execution due to server-side template injection | CWE-1336 | 9.1 | Critical | 2025-12-29 |
| CVE-2025-66206 | Frappe vulnerable to a path traversal allowing reading certain files | CWE-22 | 6.8 | Medium | 2025-12-01 |
| CVE-2025-66205 | Frappe has the possibility of SQL Injection due to improper validations | CWE-89 | 7.1 | High | 2025-12-01 |
| CVE-2025-62407 | Frappe has an Open Redirect on Login Page | CWE-601 | 6.1 | Medium | 2025-10-16 |
| CVE-2025-55732 | Frappe has the possibility of SQL Injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-55731 | Frappe has the possibility of Authenticated SQL Injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-52898 | Frappe account takeover via password reset token leakage | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-06-30 |
| CVE-2025-52896 | Frappe authenticated XSS via data import | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-52895 | Frappe possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-30217 | Frappe has possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-30214 | Frappe vulnerable to information disclosure leading to account takeover | CWE-200 | 8.1 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30213 | Frappe has Possibility of Remote Code Execution due to improper validation | CWE-20 | 8.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30212 | Frappe has possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-25 |
| CVE-2024-34074 | Frappe vulnerable to an open redirect on login page | CWE-601 | 6.1 | Medium | 2024-05-09 |
| CVE-2024-27105 | Frappe File Permissions can be bypassed using certain endpoints | CWE-863 | 8.1 | High | 2024-03-20 |
| CVE-2024-24813 | Frappe SQL Injection from reporting logic | CWE-89 | 7.5 | High | 2024-03-20 |

All 38 known CVE vulnerabilities affecting Frappé with full Chinese analysis, references, and POCs where available.