Alchemy-cms Alchemy Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Alchemy-cms Alchemy Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-23885 — CVSS 6.4 (medium): Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application…
CVE-2018-18307 — CVSS 6.1 (medium): A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's…