Security Advisories - october/rain - Packagist.org

october/rain Security Advisories for v3.4.15 (3)

[MEDIUM] October Rain has Stored XSS via SVG Filter Bypass

PKSA-22sk-dxft-df3d CVE-2026-25133 GHSA-gcqv-f29m-67gr

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub
[MEDIUM] October Rain has Environment Variable Exfiltration via INI Parser Interpolation

PKSA-qst9-2ky5-dhpn CVE-2026-25125 GHSA-g6v3-wv4j-x9hg

Affected version: <=3.7.13|>=4.0.0,<=4.1.9

Reported by:
GitHub
[MEDIUM] October Rain has a Twig Sandbox Bypass via Collection Methods

PKSA-7hg1-vmz2-j7w6 CVE-2026-22692 GHSA-m5qg-jc75-4jp6

Affected version: <=3.7.12|>=4.0.0,<=4.1.4

Reported by:
GitHub