github.com/mattermost/mattermost-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-22892 | Medium | github.com/mattermost/mattermost-server: Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts |
| CVE-2025-14435 | Medium | github.com/mattermost/mattermost-server: Mattermost is vulnerable to DoS due to infinite re-renders on API errors |
| CVE-2025-14822 | Low | github.com/mattermost/mattermost-server: Mattermost is vulnerable to CPU exhaustion via crafted HTTP request |
| CVE-2025-13767 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to… |
| CVE-2025-64641 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the… |
| CVE-2025-13324 | Medium | github.com/mattermost/mattermost: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation |
| CVE-2025-12421 | Critical | github.com/mattermost/mattermost/server/v8: Mattermost fails to verify the token used during code exchange |
| CVE-2025-12559 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to sanitize team email addresses |
| CVE-2025-12419 | Critical | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication |
| CVE-2025-55074 | Low | github.com/mattermost/mattermost-server: Mattermost allows other users to determine when users had read channels via channel member objects |
| CVE-2025-11794 | Medium | github.com/mattermost/mattermost-server: Mattermost allows system administrators to access password hashes and MFA secrets |
| CVE-2025-55070 | Medium | github.com/mattermost/mattermost-server: Mattermost does not enforce MFA on WebSocket connections |
| CVE-2025-55073 | Medium | github.com/mattermost/mattermost-server: Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect… |
| CVE-2025-11776 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost fails to properly restrict access to archived channel search API |
| CVE-2025-41436 | Low | github.com/mattermost/mattermost-server: Mattermost allows regular users to access archived channel content and files |
| CVE-2025-11777 | Low | github.com/mattermost/mattermost-server: Mattermost Incorrect Authorization vulnerability |
| CVE-2025-58073 | High | github.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerability |
| CVE-2025-10545 | Low | github.com/mattermost/mattermost/server/v8: Mattermost has an Incorrect Authorization vulnerability |
| CVE-2025-41410 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerability |
| CVE-2025-58075 | High | github.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerability |
| CVE-2025-41443 | Medium | github.com/mattermost/mattermost/server/v8: Mattermost has a Missing Authorization vulnerability |
| CVE-2025-54499 | Low | github.com/mattermost/mattermost/server/v8: Mattermost has an Observable Timing Discrepancy vulnerability |
| CVE-2025-9079 | High | github.com/mattermost/mattermost-server: Mattermost Path Traversal vulnerability |
| CVE-2025-9081 | Low | github.com/mattermost/mattermost-plugin-boards: Mattermost boards plugin fails to restrict download access to files |
| CVE-2025-9078 | Medium | github.com/mattermost/mattermost-server: Mattermost makes Use of Weak Hash |
