Please report any security issues or concerns to info@payloadcms.com.
Security: payloadcms/payload
Security
SECURITY.md
-
Server-Side Request Forgery (SSRF) in External File URL UploadsGHSA-hhfx-5x8j-f5f6 published
Feb 23, 2026 by denolfeModerate -
Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)GHSA-jq29-r496-r955 published
Feb 5, 2026 by denolfeModerate -
SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite AdaptersGHSA-xx6w-jxg9-2wh8 published
Feb 5, 2026 by denolfeCritical -
Hidden fields can be leaked on readable collectionsGHSA-35jj-vqcf-f2jf published
Apr 26, 2023 by denolfeHigh
Learn more about advisories related to payloadcms/payload in the GitHub Advisory Database