Browse all 72 CVE security advisories affecting ChurchCRM. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ChurchCRM is an open-source church management system designed to handle member data, donations, and group organization. Its extensive history of 68 recorded Common Vulnerabilities and Exposures highlights significant security deficiencies, primarily stemming from inadequate input validation and authentication controls. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often exacerbated by improper access control mechanisms that allow privilege escalation. These flaws frequently enable unauthenticated attackers to execute arbitrary code or extract sensitive organizational data. While the platform serves a niche administrative function, its security posture has been critically compromised by repeated failures to patch known issues. The accumulation of these defects suggests systemic neglect in code review and dependency management, posing substantial risks to institutions relying on the software for confidential member information and financial records.
GHSA-cwp8-rm8g-q5c92026-05-22CVE-2026-405822026-05-22GHSA-3xp8-c86x-cwpp2026-05-22CVE-2026-393372026-05-22GHSA-86132026-04-18CVE-2025-404832026-04-18CVE-2025-405822026-04-18CVE-2026-404842026-04-18CVE-2024-404852026-04-18Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with ChurchCRM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.