Browse all 10 CVE security advisories affecting galette. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Galette serves as a membership management system for associations and non-profits, handling member data, contributions, and event organization. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from improper input validation and insecure file handling. The application's PHP-based architecture and frequent exposure to public networks have made it a target for attackers seeking to compromise server infrastructure. Notable incidents include CVE-2021-39227, which allowed unauthenticated RCE via crafted API requests, and CVE-2020-35847, enabling XSS through member profile fields. These vulnerabilities highlight ongoing challenges in secure coding practices within the project.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58053 | Galette has a privilege escalation vulnerability — galetteCWE-269 | 8.8AI | HighAI | 2025-12-19 |
| CVE-2025-58052 | Galette has groups managers access control bypass on Members — galetteCWE-863 | 6.5AI | MediumAI | 2025-12-19 |
| CVE-2025-53922 | Galette has access control bypass — galetteCWE-863 | 2.7AI | LowAI | 2025-12-19 |
| CVE-2025-48884 | Galette is vulnerable to XSS through Document Type — galetteCWE-80 | 6.1AI | MediumAI | 2025-11-04 |
| CVE-2025-48076 | Galette is vulnerable to Cross-site Scripting — galetteCWE-87 | 5.4AI | MediumAI | 2025-11-04 |
| CVE-2024-24761 | Galette public pages accessibility restriction — galetteCWE-863 | 7.5 | High | 2024-03-06 |
| CVE-2021-41261 | Stored Cross-site Scripting in Galette — galetteCWE-79 | 8.1 | High | 2021-12-16 |
| CVE-2021-41262 | SQL Injection in Galette — galetteCWE-89 | 8.8 | High | 2021-12-16 |
| CVE-2021-41260 | Missing CSRF checks in Galette — galetteCWE-352 | 8.2 | High | 2021-12-16 |
| CVE-2021-21319 | Several stored XSS — galetteCWE-79 | 6.8 | Medium | 2021-10-25 |
This page lists every published CVE security advisory associated with galette. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.