github.com/mattermost/mattermost/server/v8 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2025-1412 | Low | github.com/mattermost/mattermost/server/v8: Mattermost fails to invalidate all active sessions when converting a user to a bot |
| CVE-2025-20051 | Critical | github.com/mattermost/mattermost/server/v8: Mattermost allows reading arbitrary files |
| CVE-2025-20621 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost webapp crash via a crafted post |
| CVE-2025-20088 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate post props |
| CVE-2025-20086 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate post props |
| CVE-2025-21088 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Incorrect Type Conversion or Cast |
| CVE-2025-22449 | Low | github.com/mattermost/mattermost/server/v8: Mattermost Incorrect Authorization vulnerability |
| CVE-2025-20033 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Improper Validation of Specified Type of Input vulnerability |
| CVE-2025-22445 | Low | github.com/mattermost/mattermost/server/v8: Mattermost has Improper Check for Unusual or Exceptional Conditions |
| CVE-2024-54682 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Data Amplification vulnerability |
| CVE-2024-54083 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Improper Validation of Specified Type of Input vulnerability |
| CVE-2024-48872 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Race Condition vulnerability |
| CVE-2024-47401 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Server vulnerable to application crash from attacker-generated large response |
| CVE-2024-50052 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost server allows authenticated user to delete arbitrary post |
| CVE-2024-46872 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery |
| CVE-2024-10241 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Server allows user to get private channel names |
| CVE-2024-10214 | Low | github.com/mattermost/mattermost/server/v8: Mattermost incorrectly issues two sessions when using desktop SSO |
| CVE-2024-47003 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events |
| CVE-2024-43780 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows guest user with read access to upload files to a channel |
| CVE-2024-42497 | High | github.com/mattermost/mattermost/server/v8: Mattermost allows user with systems manager role with read-only access to teams to perform write… |
| CVE-2024-40884 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL |
| CVE-2024-39836 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost allows remote/synthetic users to create sessions, reset passwords |
| CVE-2024-32939 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't redact remote users' original email addresses |
| CVE-2024-40886 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost Cross-Site Request Forgery vulnerability |
| CVE-2024-8071 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't restrict which roles can promote a user as system admin |
