pterodactyl/panel vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| GHSA-J7F5-GFQM-PCX3 | Medium | pterodactyl/panel: Pterodactyl Panel: Client email change endpoint allows enumeration of accounts in system |
| CVE-2026-35202 | Low | pterodactyl/panel: Pterodactyl has a database resource limit bypass via race condition in Client API |
| CVE-2026-26016 | Critical | pterodactyl/panel: Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing… |
| GHSA-HR7J-63V7-VJ7G | High | pterodactyl/panel: Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change |
| CVE-2025-69198 | Medium | pterodactyl/panel: Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted |
| CVE-2025-69197 | Medium | pterodactyl/panel: Pterodactyl TOTPs can be reused during validity window |
| CVE-2025-68954 | High | pterodactyl/panel: Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced |
| GHSA-MGR9-6C2J-JXRQ | Low | pterodactyl/panel: Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host” |
| CVE-2025-49132 | Critical | pterodactyl/panel: Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution |
| CVE-2024-49762 | Medium | pterodactyl/panel: Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is… |
| CVE-2024-34067 | Medium | pterodactyl/panel: Pterodactyl panel's admin area vulnerable to Cross-site Scripting |
| CVE-2019-1020002 | High | pterodactyl/panel: Pterodactyl vulnerable to 2FA Sniffing |
| GHSA-7V3X-H7R2-34JV | Medium | pterodactyl/panel: Insufficient Session Expiration in Pterodactyl API |
| CVE-2021-41273 | Medium | pterodactyl/panel: Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment… |
| CVE-2021-41176 | Low | pterodactyl/panel: pterodactyl/panel CSRF allowing an external page to trigger a user logout event |
| CVE-2021-41129 | High | pterodactyl/panel: Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token… |
| GHSA-5822-PW57-VV37 | Medium | pterodactyl/panel: XSS vulnerability when listing users on add & modify server pages. |
