{"package":"elmsln/haxcms","ecosystem":"composer","latest_version":"0.12.3","description":"Headless CMS for managing and publishing hybrid static, web component driven sites.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"","repository":"https://github.com/elmsln/HAXcms","downloads_weekly":0,"health":{"score":20,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":11,"maturity":9,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":2,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2025-49137","severity":"high","summary":"Hax CMS Stored Cross-Site Scripting vulnerability","affected_versions":"<11.0.0|=0.0.1|=0.1.0|=0.11.0|=0.12.0|=0.12.1|=0.12.2|=0.12.3|=0.2.0|=0.3.0|=0.4.0|=0.5.0|=0.6.0|=0.7.0|=0.8.0|=0.8.1|=0.8.2|=0.9.0","fixed_version":"11.0.0","source":"osv","published_at":"2025-06-09T17:43:37Z","in_kev":false,"epss_prob":0.00276,"epss_percentile":0.50989,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-54139","severity":"medium","summary":"HAX CMS application pages vulnerable to clickjacking","affected_versions":"<11.0.13|<11.0.8|=0.0.1|=0.1.0|=0.11.0|=0.12.0|=0.12.1|=0.12.2|=0.12.3|=0.2.0|=0.3.0|=0.4.0|=0.5.0|=0.6.0|=0.7.0|=0.8.0|=0.8.1|=0.8.2|=0.9.0","fixed_version":"11.0.8","source":"osv","published_at":"2025-07-21T21:12:44Z","in_kev":false,"epss_prob":0.00107,"epss_percentile":0.28515,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-54378","severity":"high","summary":"HAX CMS API Lacks Authorization Checks","affected_versions":"<11.0.14|<11.0.14|=0.0.1|=0.1.0|=0.11.0|=0.12.0|=0.12.1|=0.12.2|=0.12.3|=0.2.0|=0.3.0|=0.4.0|=0.5.0|=0.6.0|=0.7.0|=0.8.0|=0.8.1|=0.8.2|=0.9.0","fixed_version":"11.0.14","source":"osv","published_at":"2025-07-25T20:10:22Z","in_kev":false,"epss_prob":0.00089,"epss_percentile":0.25194,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-49138","severity":"medium","summary":"HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter","affected_versions":"<11.0.0|=0.0.1|=0.1.0|=0.11.0|=0.12.0|=0.12.1|=0.12.2|=0.12.3|=0.2.0|=0.3.0|=0.4.0|=0.5.0|=0.6.0|=0.7.0|=0.8.0|=0.8.1|=0.8.2|=0.9.0","fixed_version":"11.0.0","source":"osv","published_at":"2025-06-09T17:47:06Z","in_kev":false,"epss_prob":0.00387,"epss_percentile":0.59858,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.12.3","total_count":17,"recent":["0.12.3","0.12.2","0.12.1","0.12.0","0.11.0","0.9.0","0.8.2","0.8.1","0.8.0","0.7.0","0.6.0","0.5.0","0.4.0","0.3.0","0.2.0","0.1.0","0.0.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2019-10-03T14:31:58+00:00","dependencies_count":6,"dependencies":["php","guzzlehttp/guzzle","twig/twig","icamys/php-sitemap-generator","symfony/filesystem","gumlet/php-image-resize"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (20/100)","2 high severity vulnerabilities"],"use_version":"0.12.3","version_hint":"Update to >= 11.0.0 to fix known vulnerabilities","summary":"elmsln/haxcms@0.12.3 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":426,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":17,"first_release_age_days":null,"last_release_days_ago":2402,"avg_days_between_releases":null,"release_velocity":"stale"}}