github.com/mattermost/mattermost/server/v8 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-13352Lowgithub.com/mattermost/mattermost/server/v8: Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction InjectionCVE-2025-13870Lowgithub.com/mattermost/mattermost/server/v8: Mattermost fails to validate user permissions in BoardsCVE-2025-12756Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost fails to validate user permissions when deleting comments in BoardsCVE-2025-12421Criticalgithub.com/mattermost/mattermost/server/v8: Mattermost fails to to verify the token used during code exchangeCVE-2025-12559Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost fails to sanitize team email addressesCVE-2025-12419Criticalgithub.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate OAuth state tokens during OpenID Connect authenticationCVE-2025-55074Lowgithub.com/mattermost/mattermost-server: Mattermost allows other users to determine when users had read channels via channel member objectsCVE-2025-11794Mediumgithub.com/mattermost/mattermost-server: Mattermost allows system administrators to access password hashes and MFA secretsCVE-2025-55070Mediumgithub.com/mattermost/mattermost-server: Mattermost does not enforce MFA on WebSocket connectionsCVE-2025-55073Mediumgithub.com/mattermost/mattermost-server: Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect…CVE-2025-11776Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost fails to properly restrict access to archived channel search APICVE-2025-41436Lowgithub.com/mattermost/mattermost-server: Mattermost allows regular users to access archived channel content and filesCVE-2025-11777Lowgithub.com/mattermost/mattermost-server: Mattermost Incorrect Authorization vulnerabilityCVE-2025-58073Highgithub.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerabilityCVE-2025-10545Lowgithub.com/mattermost/mattermost/server/v8: Mattermost has an Incorrect Authorization vulnerabilityCVE-2025-41410Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerabilityCVE-2025-58075Highgithub.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerabilityCVE-2025-41443Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerabilityCVE-2025-54499Lowgithub.com/mattermost/mattermost/server/v8: Mattermost has an Observable Timing Discrepancy vulnerabilityCVE-2025-9079Highgithub.com/mattermost/mattermost-server: Mattermost Path Traversal vulnerabilityCVE-2025-9081Lowgithub.com/mattermost/mattermost-plugin-boards: Mattermost boards plugin fails to restrict download access to filesCVE-2025-9078Mediumgithub.com/mattermost/mattermost-server: Mattermost makes Use of Weak HashCVE-2025-9084Lowgithub.com/mattermost/mattermost/server/v8: Mattermost Open Redirect vulnerabilityCVE-2025-9072Highgithub.com/mattermost/mattermost-server: Mattermost Open Redirect vulnerabilityCVE-2025-9076Mediumgithub.com/mattermost/mattermost/server/v8: Mattermost Missing Authorization vulnerability

Stop the waste.
Protect your environment with Kodem.