MGeurts/genealogy

MGeurts/genealogy

genealogy.kreaweb.be

Releases221

Frequency3 days 22 hours

Last Release 17 days ago

Stars343

Genealogy is a free and open-source family tree PHP application to record family members and their relationships, build with LARAVEL 13.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-39355 ↗	Apr 7, 2026Tuesday, 7 April 2026, 19:16	9.9 CRITICAL	—
Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces and unrestricted access to all genealogy data associated with the compromised team. This vulnerability is fixed in 5.9.1.
CVE-2025-55288 ↗	Aug 18, 2025Monday, 18 August 2025, 17:15	5.5 MEDIUM	—
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
CVE-2025-55287 ↗	Aug 18, 2025Monday, 18 August 2025, 17:15	5.4 MEDIUM	—
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.