-
Notifications
You must be signed in to change notification settings - Fork 13
Security: nextcloud/security-advisories
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
App PIN code can be bypassed in Files iOSGHSA-j8g7-88vv-rggv published
Dec 18, 2023 by nickvergessenModerate -
Calendar app returns full stacktrace when an error happens while editing appointmentGHSA-fv3c-qvjr-5rv8 published
Dec 18, 2023 by nickvergessenLow -
Server-Side Request Forgery (SSRF) in Mail appGHSA-4pp4-m8ph-2999 published
Nov 21, 2023 by nickvergessenLow -
DNS pin middleware can be tricked into DNS rebinding allowing SSRFGHSA-8f69-f9jg-4x3v published
Nov 21, 2023 by nickvergessenModerate -
user_ldap app logs user passwords in the log file on level debugGHSA-35p6-4992-w5fr published
Nov 21, 2023 by nickvergessenModerate -
Can enable/disable birthday calendar for any userGHSA-8jwv-c8c8-9fr3 published
Nov 21, 2023 by nickvergessenModerate -
Admins can change authentication details of user configured external storageGHSA-2448-44rp-c7hh published
Nov 21, 2023 by nickvergessenLow -
Self XSS when pasting HTML into Text app with Ctrl+Shift+VGHSA-p7g9-x25m-4h87 published
Nov 21, 2023 by nickvergessenLow -
HTML injection in search UI when selecting a circle with HTML in the display nameGHSA-wgpw-qqq2-gwv6 published
Nov 21, 2023 by nickvergessenLow -
Global site selector authentication bypassGHSA-vj5q-f63m-wp77 published
Jan 18, 2024 by nickvergessenCritical