Please report any security issues or concerns to info@payloadcms.com.
Security: payloadcms/payload
Security
SECURITY.md
-
Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)GHSA-jq29-r496-r955 published
Feb 5, 2026 by denolfeModerate -
SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite AdaptersGHSA-xx6w-jxg9-2wh8 published
Feb 5, 2026 by denolfeCritical -
Hidden fields can be leaked on readable collectionsGHSA-35jj-vqcf-f2jf published
Apr 26, 2023 by denolfeHigh
Learn more about advisories related to payloadcms/payload in the GitHub Advisory Database