Is elmsln/haxcms safe to use?

elmsln/haxcms has 4 known vulnerabilities on the latest version (0.12.3). DepScope rates its health at 20/100 (critical risk).

What is the latest version of elmsln/haxcms?

The latest version of elmsln/haxcms is 0.12.3, released 2019-10-03.

Does elmsln/haxcms have known vulnerabilities?

Yes. elmsln/haxcms has 4 known vulnerabilities. See depscope.dev/pkg/composer/elmsln/haxcms for details.

Is elmsln/haxcms deprecated?

No, elmsln/haxcms is actively maintained. Latest release: 0.12.3 (2019-10-03).

What are alternatives to elmsln/haxcms?

DepScope has no curated alternatives for elmsln/haxcms at this time.

What license does elmsln/haxcms use?

elmsln/haxcms is licensed under Apache-2.0.

elmsln/haxcms

composerv0.12.3

Headless CMS for managing and publishing hybrid static, web component driven sites.

License Apache-2.0permissive17 versions6 deps

elmsln/HAXcms

/ 100

Health

update required

elmsln/[email protected] has vulnerabilities — update to latest

Update to >= 11.0.0 to fix known vulnerabilities

Low health score (20/100)
2 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

11/25

security

9/15

maturity

0/15

community

Vulnerabilities

2 high2 medium

Advisories (4)

Severity	ID	Summary	Fixed in
high	CVE-2025-49137	Hax CMS Stored Cross-Site Scripting vulnerability	11.0.0
medium	CVE-2025-54139	HAX CMS application pages vulnerable to clickjacking	11.0.8
high	CVE-2025-54378	HAX CMS API Lacks Authorization Checks	11.0.14
medium	CVE-2025-49138	HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter	11.0.0

Health History

Dependency Tree

License Audit

Dependencies (6)

php guzzlehttp/guzzle twig/twig icamys/php-sitemap-generator symfony/filesystem gumlet/php-image-resize

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/elmsln/haxcms

Last updated · 2019-10-03T14:31:58+00:00