-
Notifications
You must be signed in to change notification settings - Fork 13
Security: nextcloud/security-advisories
Security Navigation
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Missing brute force protection on OAuth2 API controllerGHSA-vv27-g2hq-v48h published
Aug 10, 2023 by nickvergessenModerate -
Path traversal allows tricking the Talk Android app into writing files into it's root directoryGHSA-36f7-93f3-mcfj published
Aug 10, 2023 by nickvergessenHigh -
Notes attachment render HTML in preview modeGHSA-6g88-37x7-4vw6 published
Aug 10, 2023 by nickvergessenLow -
Users can delete external storage mount pointsGHSA-xwxx-2752-w3xm published
Aug 10, 2023 by nickvergessenHigh -
Issuer not verified from obtained token in user_oidcGHSA-xx3h-v363-q36j published
Aug 10, 2023 by nickvergessenModerate -
user_oidc app stores client secret unencrypted in databaseGHSA-3f92-5c8p-f6gq published
Aug 10, 2023 by nickvergessenLow -
Advanced permissions not respected when copying entire group foldersGHSA-cq8w-v4fh-4rjq published
Aug 10, 2023 by nickvergessenModerate -
End-to-End encrypted file-drops can be made inaccessibleGHSA-x7c7-v5r3-mg37 published
Jun 22, 2023 by nickvergessenModerate -
Password reset endpoint is not brute force protectedGHSA-mjf5-p765-qmr6 published
Jun 22, 2023 by nickvergessenHigh -
Open redirect on "Unsupported browser" warningGHSA-h353-vvwv-j2r4 published
Jun 22, 2023 by nickvergessenModerate