@umbraco-cms/backoffice (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @umbraco-cms/backoffice, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2025-24012 — CVSS 4.6 (medium): Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2…
CVE-2024-47819 — CVSS 4.2 (medium): Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and…