CMS

payloadcms/payload

Payload is the open-source, fullstack Next.js framework, giving you instant backend superpowers. Get a full TypeScript backend and admin panel instantly. Use Payload as a headless CMS or for building powerful applications.

#headless-cms#cms#express#graphql#react#payload#nodejs#typescript#javascript#mongodb#headless#content-management-system#content-management#mit-license#open-source#payloadcms#jamstack#postgres#nextjs

スコア

/ 100

Star

42,414

Fork

3,719

Open Issue

341

サイズ

181MB

言語

TypeScript ★

最終push

0 日前

Docker

—

採点内訳

過去CVE 10件 (適量)

✓

直近 push: 0 日前

✓

得意言語 (TypeScript)

✓

オープンissue 341件

✓

大規模 (181MB)

—

Docker 未対応

—

10k–50k: 中級 (★42,414)

—

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (10 件)

CRITICALGHSA-hp5w-3hxx-vmwf CVE-2026-347512026/3/30
Unvalidated Input in Password Recovery Endpoints
MEDIUMGHSA-frq9-7j6g-v74x CVE-2026-347502026/3/30
Insufficient Filename Validation in Client-Upload Signed-URL Endpoints
MEDIUMGHSA-p6mr-xf3r-ghq4 CVE-2026-347492026/3/30
CSRF Protection Bypass in Authentication Flow
HIGHGHSA-6r7f-q7f5-wpx8 CVE-2026-347462026/3/30
Authenticated SSRF via Upload Functionality
HIGHGHSA-mmxc-95ch-2j7c CVE-2026-347482026/3/30
Stored XSS in Admin Panel
HIGHGHSA-7xxh-373w-35vg CVE-2026-347472026/3/30
SQL Injection via Query Handling
MEDIUMGHSA-hhfx-5x8j-f5f6 CVE-2026-275672026/2/23
Server-Side Request Forgery (SSRF) in External File URL Uploads
CRITICALGHSA-xx6w-jxg9-2wh8 CVE-2026-255442026/2/5
SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
MEDIUMGHSA-jq29-r496-r955 CVE-2026-255742026/2/5
Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)
HIGHGHSA-35jj-vqcf-f2jf CVE-2023-308432023/4/26
Hidden fields can be leaked on readable collections