github.com/mattermost/mattermost-server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2017-18876 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to Path Traversal when files are stored locally |
| CVE-2017-18883 | Medium | github.com/mattermost/mattermost-server: Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider |
| CVE-2017-18879 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to XSS through author_link field in Slack attachments |
| CVE-2017-18878 | Medium | github.com/mattermost/mattermost-server: Mattermost Server allows users with a session ID to revoke another users' session |
| CVE-2017-18873 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to channel invisibility DoS via misformatted post |
| CVE-2017-18870 | Medium | github.com/mattermost/mattermost-server: Mattermost Server has mishandled webhook access control |
| CVE-2016-11081 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes information stored by a web browser |
| CVE-2017-18871 | High | github.com/mattermost/mattermost-server: Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into… |
| CVE-2016-11084 | Medium | github.com/mattermost/mattermost-server: Mattermost Server allows XSS via CSRF |
| CVE-2016-11079 | Medium | github.com/mattermost/mattermost-server: Mattermost Server allows XSS via redirect URL |
| CVE-2017-18872 | Medium | github.com/mattermost/mattermost-server: Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization |
| CVE-2016-11080 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes account details to any Team Administrator |
| CVE-2017-18874 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to Directory Traversal by System Admins |
| CVE-2016-11082 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to XSS through crafted links |
| CVE-2016-11083 | Medium | github.com/mattermost/mattermost-server: Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution |
| CVE-2016-11077 | Low | github.com/mattermost/mattermost-server: Mattermost Server allows System Admin to modify LDAP account names and email addresses |
| CVE-2016-11075 | Medium | github.com/mattermost/mattermost-server: Mattermost Server exposes sensitive information about team URLs via an API |
| CVE-2016-11067 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to Uncontrolled Resource Consumption |
| CVE-2016-11074 | High | github.com/mattermost/mattermost-server: Mattermost Server: Insufficient Password-Reset Link Invalidation |
| CVE-2016-11076 | High | github.com/mattermost/mattermost-server: Mattermost Server does not check if cookies are used over SSL |
| CVE-2016-11071 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer`… |
| CVE-2016-11069 | High | github.com/mattermost/mattermost-server: Mattermost Server does not enforce rate limits on password change attempts |
| CVE-2016-11068 | Medium | github.com/mattermost/mattermost-server: Mattermost Server is vulnerable to Code Injection through its LDAP fields |
| CVE-2016-11066 | High | github.com/mattermost/mattermost-server: Mattermost Server: initial_load API exposes unnecessary information |
| CVE-2016-11072 | Medium | github.com/mattermost/mattermost-server: Mattermost Server's Session ID and Session Token are potentially compromised |
