contao/contao Security Advisories for 4.13.1 (3)
- [MEDIUM] Contao discloses sensitive information in the front end search index
  PKSA-34p6-239r-z7w2 CVE-2025-57756 GHSA-2xmj-8wmq-7475
  Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0-RC1,<5.3.38|>=4.9.14,<4.13.56
  Reported by: GitHub
- [HIGH] Directory traversal vulnerability in the file manager
  PKSA-3m2g-ygwq-rxnz CVE-2023-29200 GHSA-fp7q-xhhw-6rj3
  Affected version: >=4.9.0,<4.9.40|>=4.13.0,<4.13.21|>=5.1.0,<5.1.4
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Cross site scripting via canonical URL
  PKSA-jgdm-q1xh-kwnj CVE-2022-24899 GHSA-m8x6-6r63-qvj2
  Affected version: >=4.13.0,<4.13.3
  Reported by: FriendsOfPHP/security-advisories, GitHub