getkirby/cms Security Advisories for 3.10.0.1 (3)
- [LOW] Kirby vulnerable to path traversal in the router for PHP's built-in server
PKSA-psph-xw59-snn6 CVE-2025-30207 GHSA-9p3p-w5jf-8xxg
Affected version: >=4.0.0,<4.7.1|>=3.10.0,<3.10.1.2|<3.9.8.3
Reported by: GitHub
- [MEDIUM] Kirby vulnerable to path traversal of collection names during file system lookup
PKSA-2y53-wq8k-h8qy CVE-2025-31493 GHSA-x275-h9j4-7p4h
Affected version: >=4.0.0,<4.7.1|>=3.10.0,<3.10.1.2|<3.9.8.3
Reported by: GitHub
- [HIGH] Kirby has insufficient permission checks in the language settings
PKSA-qp36-pv2c-kj8n CVE-2024-41964 GHSA-jm9m-rqr3-wfmh
Affected version: >=4.0.0,<=4.3.0|>=3.10.0,<=3.10.1|>=3.9.0,<=3.9.8.1|>=3.8.0,<=3.8.4.3|>=3.7.0,<=3.7.5.4|<=3.6.6.5
Reported by: GitHub