github.com/zitadel/zitadel vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID         | Severity | Package                    | Summary
CVE-2024-49753 | Medium   | github.com/zitadel/zitadel | Denied Host Validation Bypass in Zitadel Actions
CVE-2024-41952 | Medium   | github.com/zitadel/zitadel | ZITADEL "ignoring unknown usernames" vulnerability
CVE-2024-41953 | Medium   | github.com/zitadel/zitadel | ZITADEL has improper HTML sanitization in emails and Console UI
CVE-2024-39683 | Medium   | github.com/zitadel/zitadel | ZITADEL Vulnerable to Session Information Leakage
CVE-2024-32967 | Medium   | github.com/zitadel/zitadel | Zitadel exposing internal database user name and host information
CVE-2024-32868 | High     | github.com/zitadel/zitadel | ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
CVE-2024-29891 | High     | github.com/zitadel/zitadel | ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
CVE-2024-29892 | High     | github.com/zitadel/zitadel | ZITADEL's actions can overload reserved claims
CVE-2024-28855 | High     | github.com/zitadel/zitadel | Improper HTML sanitization in ZITADEL
CVE-2024-28197 | High     | github.com/zitadel/zitadel | Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
CVE-2023-49097 | High     | github.com/zitadel/zitadel | ZITADEL Account Takeover via Malicious Host Header Injection
CVE-2023-47111 | High     | github.com/zitadel/zitadel | ZITADEL race condition in lockout policy execution
CVE-2023-44399 | Medium   | github.com/zitadel/zitadel | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
CVE-2023-22492 | Medium   | github.com/zitadel/zitadel | Zitadel RefreshToken invalidation vulnerability
CVE-2022-36051 | High     | github.com/zitadel/zitadel | Broken Authorization in ZITADEL Actions
