github.com/mattermost/mattermost-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2017-18907 | Medium | github.com/mattermost/mattermost-server: Mattermost Server vulnerable to XSS through channel headers |
| CVE-2017-18900 | Critical | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable CSV Injection |
| CVE-2017-18908 | Critical | github.com/mattermost/mattermost-server: Mattermost Server password reset email requests can be sent to attacker-provided email addresses |
| CVE-2017-18901 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes private team invite ID |
| CVE-2017-18905 | Medium | github.com/mattermost/mattermost-server: Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider |
| CVE-2017-18903 | High | github.com/mattermost/mattermost-server: Mattermost Server vulnerable to CSRF if CORS is enabled |
| CVE-2017-18904 | Medium | github.com/mattermost/mattermost-server: Mattermost Server vulnerable to XSS via an uploaded file |
| CVE-2017-18906 | High | github.com/mattermost/mattermost-server: Mattermost Server vulnerable to user account takeover when Single Sign-On OAuth2 is used |
| CVE-2017-18898 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to DoS through maliciously crafted posts |
| CVE-2017-18891 | Medium | github.com/mattermost/mattermost-server: Mattermost Server does not safeguard against phishing via error page links |
| CVE-2017-18888 | Critical | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests |
| CVE-2017-18895 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes sensitive user status information via REST API version 4 endpoint |
| CVE-2017-18890 | Medium | github.com/mattermost/mattermost-server: Mattermost Server allows attackers to create buttons that can launch API requests |
| CVE-2017-18896 | Medium | github.com/mattermost/mattermost-server: Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint |
| CVE-2017-18894 | High | github.com/mattermost/mattermost-server: Mattermost Server has intermittent Authorization bypass for resource-owners |
| CVE-2017-18892 | Medium | github.com/mattermost/mattermost-server: Mattermost Server does not neutralize HTML content in an Email template field |
| CVE-2017-18897 | Medium | github.com/mattermost/mattermost-server: Mattermost Server mishandles redirect denial action |
| CVE-2017-18893 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to XSS through display name field |
| CVE-2017-18885 | Critical | github.com/mattermost/mattermost-server: Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with… |
| CVE-2017-18889 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to webhook and slash command manipulation |
| CVE-2017-18884 | Critical | github.com/mattermost/mattermost-server: Mattermost Server exposes OAuth personal access tokens to attackers |
| CVE-2017-18886 | High | github.com/mattermost/mattermost-server: Mattermost Server does not properly restrict use of slash commands |
| CVE-2017-18887 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes team creator's e-mail address to other members |
| CVE-2017-18877 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page |
| CVE-2017-18875 | Medium | github.com/mattermost/mattermost-server: Mattermost Server does not prevent System Admin from arbitrary file creation |
